Posted Apr 20, 2006 14:43 UTC (Thu) by mheily
Parent article: Quotes of the week
SELinux is an interesting idea in theory but is not practical for common use. Besides, it was developed by the NSA for use within the U.S. Government to keep information secret even from system administrators; the FAQ states that it "enables a single system to be used by users with differing security authorizations to access multiple kinds of information with differing security requirements without compromising those security requirements."
Unless you are in an organization that needs to keep top-secret information away from the 'root' user, SELinux is overkill. Besides, killing off the 'root' user is very uncool and not the UNIX way.
Thanks to excellent work by Marius Erikson, Systrace has been updated to work with recent 2.6 and 2.4 kernels under Linux. It has been a standard feature of the OpenBSD and NetBSD kernels for years, but the Linux port was not maintained. I hope the major Linux distributors will take note and start packaging and distributing Systrace again.
to post comments)