Posted Apr 20, 2006 15:58 UTC (Thu) by shahms
In reply to: Systrace
Parent article: Quotes of the week
That "it was developed by the NSA for use within the U.S. Government to keep information secret even from system administrators" is simply not true. It is stated on the AppArmor FAQ and is just as incorrect there as well (along with a number of other assertions on that page). While MAC security systems in general can do this, with the exception of MLS (Multi-Level Security), most of the security models in SELinux are more focused on integrity than confidentiality.
SELinux is practical for common use. It is, however, new, different, and not particularly well documented at the sys admin level. There are a lot of recent developments making it far easier to use and significantly more modular that should help a lot with the perceived complexity. That perception has far more to do with the necessarily comprehensive nature of the policy and the general lack of familiarity with MAC.
to post comments)