Ask HN: SELinux, opinions?

3 points by antocv ↗ HN
SELinux was developed primarily by NSA and I remember back in the day I had a distaste for using it just because of that fact. It was a huge code-base with hooks all over the place for various modules, just didnt sit right with security - minimize LOC and exposure. Instead I chose grsecurity and RBAC.

What is the opinion today, is SELinux preferred over alternatives such as Tomoyo?

3 comments

[ 2.8 ms ] story [ 17.8 ms ] thread
SELinux is preferred: it's in Red Hat.

I've not heard of Tomoyo.

SELinux... do not turn it off! And when people tell you to do so are too lazy to understand it.

Never heard of Tomoyo... maybe AppArmor

SELinux default policies are usually written per distribution, by their maintainers. It's widely used and peer reviewed (Fedora, Red Hat) I'd trust it over any less involved attempt at emulating it.