I’m considering implementing SELinux in my Debian setup, but I’ve read that it was initially developed by the NSA.
Can anyone shed any light on this? Has SELinux been audited? When and by whom? Does the NSA still have anything to do with SELinux, or is this a “US Navy creating Tor” sort of scenario?
It’s worth noting that SE Linux takes considerable knowledge to administer correctly in many scenarios, and can lead to some strange problems if you don’t know what you’re doing. Definitely worth learning about, though.
SELinux: Tries doing a thing, didn’t work Spend eight hours trying various crap. setenforce 0 Works now Five minutes cussing 30 seconds googling how to set the context Works forever
Tries doing a thing…
Yeah it’s really not that difficult once you get the basic concepts, then it’s navigating your own maze of rules :p
Things like ausearch, aureport, audit2allow make light work of it.