---

SELinux vs. OpenBSD’s Default Security

“A thread on the OpenBSD-misc mailing list compared the security
of SELinux in the 2.6 Linux kernel to what’s available in OpenBSD.
The general opinion was that SELinux and its policy language are
too complex, leading Damien Miller to note, ‘every medium to large
Linux deployment that I am aware off has switched SELinux off. Once
you stray from the default configurations that the system
distributors ship with, the default policies no longer work and
things start to break.’ Ted Unangst summarized, ‘the problem with
security by policy is that the policy is always wrong…'”


Complete Story