I’m considering implementing SELinux in my Debian setup, but I’ve read that it was initially developed by the NSA.

Can anyone shed any light on this? Has SELinux been audited? When and by whom? Does the NSA still have anything to do with SELinux, or is this a “US Navy creating Tor” sort of scenario?

  • NegativeLookBehind@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    8 months ago

    It’s worth noting that SE Linux takes considerable knowledge to administer correctly in many scenarios, and can lead to some strange problems if you don’t know what you’re doing. Definitely worth learning about, though.

    • phanto
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      8 months ago

      SELinux: Tries doing a thing, didn’t work Spend eight hours trying various crap. setenforce 0 Works now Five minutes cussing 30 seconds googling how to set the context Works forever

      Tries doing a thing…

      • elshandra@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Yeah it’s really not that difficult once you get the basic concepts, then it’s navigating your own maze of rules :p

        Things like ausearch, aureport, audit2allow make light work of it.