Re: [Tails-dev] SELinux

Author: Andreas Kuckartz
Date:  
To: The Tails public development discussion list
CC: Stephen Stewart
Subject: Re: [Tails-dev] SELinux
Most Linux system administrators probably don't know what to make of
Mandatory Access Control and the Linux kernel security architecture but
I do not think that this is a strong argument against using it in Tails.

A recent article worth reading:

Overview of Linux Kernel Security Features
Thursday, 11 July 2013
"Editor's Note: This is a guest post from James Morris, the Linux kernel
security subsystem maintainer and manager of the mainline Linux kernel
development team at Oracle."
https://www.linux.com/learn/docs/727873-overview-of-linux-kernel-security-features/

Security would be improved by enabling SELinux enforcing mode (BTW:
CyanogenMod will do that soon:
http://www.cyanogenmod.org/blog/this-week-in-cm-july-19-13). Using
permissive mode can help to prepare for such a step.

There are many things which can be done to improve Tails:
https://labs.riseup.net/code/projects/tails

Removing Linux security features does not belong to those as far as I am
concerned. And I am more concerned about software where it is unknown if
the NSA was involved.

Cheers,
Andreas
---

Stephen Stewart:
> TAILS Developers,
>
> SELinux was created by the NSA. I first encountered SELinux as a userland program that ran on Red Hat and Fedora Linux, before it was submitted to kernel.org, but it is now built into the kernel of most Linux distributions.
>
> Since most Linux system administrators don't know what to make of SELinux, it usually runs in permissive mode and is largely ignored. I am convinced it is completely unnecessary and, considering the source, I suspect it may be hazardous.
>
> I'm concerned that SELinux may compromise TAILS and would encourage you to remove it from the kernel. Failing that, I will recompile TAILS without SELinux myself. Please let me know if you want me to do that.
>
> Stephen Stewart