|
|
Log in / Subscribe / Register

Could be a lot better

Could be a lot better

Posted Apr 8, 2004 2:36 UTC (Thu) by elanthis (guest, #6227)
Parent article: First SELinux impressions

SELinux feels and acts completely alien on a Linux system. The entire design is so unlike the way a UNIX veteran would expect the system to be built. Complex configuration tools that aren't friendly standard system utilities like grep and awk, requiring configuration information to be stored in multiple places, reinventing wheels instead of improving the wheel, etc.

I'm working on a write-up regarding how SELinux *could* have been designed, and how it can be improved in user-space with no changes to the core SELinux code and design. I was hoping to have it finished tonight, actually, but I'm a bit weery of writing after some 4 hours of it.

Really, tho, SELinux is *not* the best implementation of a security framework at all. It's a bit sad Red Hat/Fedora are putting so much effort into switching to it when a more sane, integrated, UNIX-like security framework could be used. SELinux, as is, is just a nightmare to try to configure and use at all.

to post comments

Could be a lot better

Posted Apr 8, 2004 16:11 UTC (Thu) by smoogen (subscriber, #97) [Link]

It is always easy to say how things *could* be designed... but it is very rare to see such things become actual code. I would say that a better model would be to write up your complaints and suggestions, and then get 10-20 coders to try and write your model.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds