SELinux is Dead !

No really it isn't but so isn't AppArmor, altough Russel claims it is. Weird how he totally rewords the OpenSuse statements

From "While our customer experience shows that AppArmor is the best solution for the vast majority of users, applications, and use cases, we want to give all of our users the ability to choose the security framework that’s appropriate for their respective environments and needs. We continue to enable AppArmor as our default Host Intrusion Prevention System......"

To "The next step will be to make SE Linux the default and AppArmor the one that exists in a repository, and the step after that will be to remove AppArmor."

Given Ubuntu's AppArmor adoption I don't see it die that fast ...

The real problem is who uses AppArmor or SELinux, sadly most of the installations I run into have none of both technologies enabled. Most Admins overrule their favourite distro's default config. The reason is pretty obvious as I've heard a lot of intelligent people say "Life Is Too short For SELinux"

So I wonder, how can you die if you never were really alive ?


neo's picture

#1 neo : Ubuntu adopting something is

Ubuntu adopting something is no guarantee of it's success since they have practically no upstream developers. Novell has a long long history of dropping technologies and later following Red Hat. Switching to GNOME in SLES, dropping reiserfs support etc etc. Make yourself aware of what Novell has been upto in the past and Rusell's reasoning becomes more apparent.

Ghosty's picture

#2 Ghosty : Thats just because they are lazy

Yes I admit in the beginning I was also that lazy and just turned off SELinux.
Since I work in secure environments we just made a policy of it never to turn off SELinux (well except in testing if you want to debug some SELinux things ... It's not that hard to make your own modules for SELinux, so in our company you build an SELinux module for every package that requires extra privileges. It's a 5 min job so it won't kill you ...