I’m considering implementing SELinux in my Debian setup, but I’ve read that it was initially developed by the NSA.

Can anyone shed any light on this? Has SELinux been audited? When and by whom? Does the NSA still have anything to do with SELinux, or is this a “US Navy creating Tor” sort of scenario?

  • mox
    233 months ago

    I have no concerns about it.

    • It is well-known.
    • It is completely open.
    • It has been in wide use for decades.
    • In that time, there has never been a reason to believe it’s malicious.
    • It is not an encryption tool, but an add-on for denying actions that would otherwise be allowed.

    It’s not unusual for US government agencies to develop or fund technologies that end up used by the whole world. The internet is another example.