James Morris, one of the core SELinux developers has a blog entry detailing the evolution of SELinux and how it has worked so far including a recent major performance boost using RCU (Read Copy Update) code in the Linux kernel.
Improvements in SELinux
About The Author
Adam Scheinberg
Technology Executive • Web Developer • Father • Foodie • Music Snob • OS enthusiast
Follow me on Mastodon @[email protected]
i hope so – especially in the performance dept, SELinux in FedoraCore-3 is one of my major peeves with that distro and one of the reasons i went back to Slackware, still thinking about switching to debian if Pat Volterding can not keep Slackware going :^(
i am truely worried about the furture of Slackware since it is my distro of choice…
“i hope so – especially in the performance dept”
fedora isnt slow due to SELinux code. see the recent performance chart in fedora devel list for reasons.
“SELinux in FedoraCore-3 is one of my major peeves with that distro and one of the reasons i went back to Slackware”
totally absurd. it is easily disabled.
http://fedora.redhat.com/docs/selinux-faq-fc3/
i know SELinux can be disabled…
i rather use it if it is part of the distro, i do like what Redhat/Fedora is doing (good distro) i already look forward to FedoraCore-4 to see whats new…
”
i rather use it if it is part of the distro, i do like what Redhat/Fedora is doing (good distro) i already look forward to FedoraCore-4 to see whats new…
”
then why do you claim this?
”
“SELinux in FedoraCore-3 is one of my major peeves with that distro and one of the reasons i went back to Slackware”
”
fedora core 3 has a targetted policy by default which is non intrusive and can be diasbled. what more could one want?
I know you’ll call me crazy but – being that the SELinux code was written by the NSA is anyone else skeptical about whether or not anything unseemly lies within? I guess that’s the good thing about open source… if there’s something inappropriate in there someone might eventually find it.
It was written first in 2000 for Linux and the code has been scrutnised multiple times by many developers. No. there is no hidden agenda with it
“is anyone else skeptical about whether or not anything unseemly lies within?”
Yes, lots of people are worried, well I should say “were worried” cause every noid hacker and forign government has taken a peek, so far nothing. Here is something that makes me feel better. If the NSA slipped something in other government agencies (FBI, NASA, Airforce, etc) could all be compromised this would have virtually everyone fired, the NSA funding ripped and the agency can go back to selling shoes so.. no Id say there is no way in hell malware was put in.
I got a chuckle from turning off SElinux in fedora to be too much work, yet he uses slackware as the alternitive heh. Calculators are too confusing so I just write my own in ASM =)
Fedora Core 3 is not slow because of SELinux. It’s slow by nature. I have 2 SELinux machines running just fine, one being a debian machine and the other a gentoo machine. Both are fast, stable, and secure. Wait, isn’t that like openbsd?
“Both are fast, stable, and secure. Wait, isn’t that like openbsd?
”
not true. for one thing openbsd has a monolithic kernel which lacks scalability. openbsd doesnt have a comprehensive MAC framework like SELinux in fedora either
The code was not done by the NSA, it was payed for in part by a grant they gave.
The NSA has done the same thing with other projects, it doesn’t actually get involved in them.
I know you’ll call me crazy but – being that the SELinux code was written by the NSA is anyone else skeptical about whether or not anything unseemly lies within? I guess that’s the good thing about open source… if there’s something inappropriate in there someone might eventually find it.
There is no such thing as really safe. But one principle of cryptography is that your cipher should be safe even if the alogoritm is known (as long as the key is secret). Having it out in the open makes it possible for many experts to have a peek.
I would be more worried about NSA involvement in closed source OSes and systems. E.g. What is the NSAkey file used for in windows? There have been similar rumors for Lotus Notes. It would be very easy for some intelligence organisation like NSA or similar in other countries to hire sombody at Microsoft, Sun,… to enter code that would make the security easier to break to his organization. Who is to know. If they get the right/wrong person in the right position nobody will ever questioin the code as it is closed source.
if one lives in the UK or USA, there are laws which would require you to give you passwords to the government if asked ANYWAY.