I’m considering implementing SELinux in my Debian setup, but I’ve read that it was initially developed by the NSA.

Can anyone shed any light on this? Has SELinux been audited? When and by whom? Does the NSA still have anything to do with SELinux, or is this a “US Navy creating Tor” sort of scenario?

  • mox
    link
    fedilink
    22
    edit-2
    9 months ago

    I have no concerns about it.

    • It is well-known.
    • It is completely open.
    • It has been in wide use for decades.
    • In that time, there has never been a reason to believe it’s malicious.
    • It is not an encryption tool, but an add-on for denying actions that would otherwise be allowed.

    It’s not unusual for US government agencies to develop or fund technologies that end up used by the whole world. The internet is another example.

    • @kylian0087
      link
      39 months ago

      Also one other great example is GPS. Just like SELinux it is very well understood and open.