

Ask HN: SELinux, opinions? - antocv

SELinux was developed primarily by NSA and I remember back in the day I had a distaste for using it just because of that fact. It was a huge code-base with hooks all over the place for various modules, just didn't sit right with security - minimize LOC and exposure. Instead I chose grsecurity and RBAC.

What is the opinion today, is SELinux preferred over alternatives such as Tomoyo?
======
gbraad
SELinux... do not turn it off! And people who tell you to do so are too lazy
to understand it.

Never heard of Tomoyo... maybe AppArmor

------
noja
SELinux is preferred: it's in Red Hat.

I've not heard of Tomoyo.

------
anxiousest
SELinux default policies are usually written per distribution, by their
maintainers. It's widely used and peer reviewed (Fedora, Red Hat); I'd trust it
over any less involved attempt at emulating it.

