Okay, so I'm sitting here with a nice, stable FC1 configuration. Today,
it has seen uptime of over two months. In short, works great.
I decided the other day that I should probably upgrade to FC3. I skipped
FC2 since FC1 was still getting security updates and I didn't have a big
reason to change. Also, with the first appearance of kernel 2.6.x in
FC2, I just decided to let the kinks get worked out. Now that FC1
stopped getting security updates, I figured it was time to move along.
Now, of course, FC3 includes SELinux as an installation option. This is
both interesting to me and also the potential for a problem since:
1. SELinux is relatively new and this is the first mass deployment of
it. I remember that it got removed from FC2 while some kinks got worked
out there.
2. There is a learning curve and I'm at square 1 with it.
Honestly, I probably don't *need* the added security of this,
specifically. Security patches are fine and I keep up with things. This
is for a home system, and I'm not running major servers.
I'm tempted to just install FC3 without the SELinux support, but I'm not
sure what percentage of users is doing that. If everybody jumps left and
I jump right, I want to make sure that this doesn't affect problem
solving capability down stream. In other words, is every posting on this
list going to start by saying "I am [not] running SELinux..."
So, suggestions?
If it matters, I'll be doing a fresh install of "/boot" and "/", but
moving my home partition from FC1 to FC3. The home partition is ext3, if
that matters. I have heard that SELinux writes some auxiliary security
info for each file on disk ("labeling" ?). Will the installation handle
that automatically if I don't choose to reformat my old partition?
I read the Fedora SELinux FAQ, but it really assumes you understand a
bit of SELinux terminology already, which I currently don't.
--
Dave Roberts <ldave@xxxxxxxxxxxx>
