Could be a lot better
Posted Apr 8, 2004 2:36 UTC (Thu) by elanthis
Parent article: First SELinux impressions
SELinux feels and acts completely alien on a Linux system. The entire design is so unlike the way a UNIX veteran would expect the system to be built. Complex configuration tools that aren't friendly standard system utilities like grep and awk, requiring configuration information to be stored in multiple places, reinventing wheels instead of improving the wheel, etc.
I'm working on a write-up regarding how SELinux *could* have been designed, and how it can be improved in user-space with no changes to the core SELinux code and design. I was hoping to have it finished tonight, actually, but I'm a bit weery of writing after some 4 hours of it.
Really, tho, SELinux is *not* the best implementation of a security framework at all. It's a bit sad Red Hat/Fedora are putting so much effort into switching to it when a more sane, integrated, UNIX-like security framework could be used. SELinux, as is, is just a nightmare to try to configure and use at all.
to post comments)