On Fri, 2004-11-05 at 10:28 +0000, Luke Kenneth Casson Leighton wrote:
> On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote:
> > On Thu, 2004-11-04 at 13:15 +0000, Luke Kenneth Casson Leighton wrote:
> >
> > > default: no.
> >
> > Why not on by default,
>
> i would agree with stephen that it should be compiled in,
> default options "selinux=no".

I don't believe Stephen said that. He said that the performance hit in that case is just the LSM hooks.

> that gives people the choice,

It doesn't make sense to make security a "choice". The current Linux security model is simply inadequate.

http://www.nsa.gov/selinux/papers/inevit-abs.cfm

> without affecting performance.

That's just a bug, and it's being worked on. Personally I don't notice any performance problems.

> > with a targeted policy, for everyone?
>
> debianites have yet to be convinced of the benefits of
> _anything_ to do with selinux [irrespective of whether they
> are actually _aware_ of its benefits]

That's what we're working on.