Sorry for the delay in replying, you forgot to CC me... On Tuesday 16 September 2008 22:12, Josselin Mouette <[EMAIL PROTECTED]> wrote: > Le dimanche 14 septembre 2008 à 21:32 +1000, Russell Coker a écrit : > > For a typical desktop system (such as my EeePC) a default installation of > > SE Linux in Lenny works for most things. > > What do you mean by "most things"? What is not working?
The things that are not likely to be security problems will work well. > > If you add the packages from my > > repository (see the above URL) then mplayer also works in a default > > configuration. > > Mplayer? That’s one application. Do all applications that are part of > the default setup work as expected? How many of them do not work without > using an external repository? The problem with mplayer is that it depends on libraries written and packaged by people who are more concerned about a possible 15% performance increase than a proven security risk. There is a SE Linux boolean that you can set to enable execmod access, reduce the security of your system, and get a performance benefit for some operations. > Is SELinux working out of the box? From your blog entries, I have the > strong feeling that it is not the case. Why don't you test it? I've documented how to enable it, it's really not difficult. > If the answer to this question is "yes", what is the reason for not > enabling it by default? I think that we should enable it by default as Fedora did years ago. But I think it's too late to do that now (and was too late on the 16th of Sep). -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
