You all seem to forget that this is a merging of anal retentive technologies from a US government bureacracy and the anarchy of 'Linux', which is not really a single anything accept a tree with lots and lots of code. This is the same US goverment (although not the same bureaucracy) that unleashed NIEM (niem.gov) onto the world, XML with no less than NINE NAMESPACES, which is supposed to be used for critical (read: things like 'Oh, the leavies may have been breached') data... On a lighter note, I've always been happy with TrustedBSD & TrustedSolaris, or OpenVMS ;-) On 7/18/06, David Leimbach wrote: > > On 7/18/06, Ronald G Minnich wrote: > > David Leimbach wrote: > > > > > It (SELINUX) was easily turned off with a switch in a conf file, but > > > it's such a pain in the ass, I don't know why it's in a "FC" style > > > distribution at all. > > > > The bigger question, which I can't quite figure out yet, is does selinux > > provide some magic dust that in turn provides a level of security not > > attainable any other way (i.e. in something like Plan 9) ... or, is it a > > set of hacks to cover for an obsolete way of doing things. I am tending > > toward thinking the latter, now that I've worked with it a bit. Watch > > the discussions on labeling files, it's interesting, because the label > > namespace seems to be fragmenting already. > > > > ron > > > > It's very clearly add-on technology to make up for something people > felt was unmanageable in Unix. However do we really need both ACLs > and SELINUX contexts? Do our files really need to have named hidden > data to store this crap in? > > I've honestly not read any papers justifying the need for ACLs or > SELINUX controls. > > I suddenly miss DOS. > > Dave > -- Lead thou me on, O Zeus, and Destiny, To that goal long ago to me assigned. I'll follow and not falter; if my will Prove weak and craven, still I'll follow on. -- Epictetus He who enters his wife's dressing room is a philosopher or a fool. -- Balzac