“SELinux, the US National Security Agency’s implementation of mandatory access control, is the most prominent new security subsystem in Linux. It comes installed by default in Fedora and Red Hat Enterprise Linux and is available in easy-to-install packages in other distributions. This article shows you how to convert a non-SELinux system by hand in order to expose details about how SELinux is integrated into a system.”
How-to Install SELinux in Gentoo
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
Linux should throw a curve ball and implement its own access control framework against the NSA. These people are totalitiarian and authoritiarian scum.
It makes me sick my tax dollars pay to have them spy on my own self!
Shows where you’ve been. There are alternatives to selinux.
You mean like:
http://www.novell.com/products/apparmor
it uses the same Linux kernel hooks, but is designed less for national security, and more for “regular folks”. Novell has made the code open-source.
And as for the NSA, they’re paid spies. Consider instead who told them to spy on your own self.
AppArmor, and other path-based frameworks, have severe limitations though.
Instead of repeating arguments, this thorough explains the issues quite well:
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-pa…
Main issues with apparmor?
I’d say reliance on DAC to complement the MAC part and inherent ambiguity for file paths.
Give me a break.
-This is coming from a Stallmanist btw.
There is nothing wrong with using it as long as it’s GPL’d. Of course, you’d be absolutely free to use it if it wasn’t and was released under a closed source license. But then of course, your point would certainly be more valid.
A government agency is only as bad the as the administration controlling it.
Reason for being modded down?