Marc Schwartz wrote: > Ultimately, it is your call, but I would not use the "I am not running > servers" argument as the basis for using or not using SELinux. More > security is a good thing, even on a desktop. Mind you, the default targeted policy might not buy you much on a "normal" desktop. http://fedora.redhat.com/docs/selinux-faq-fc3/ says: # dhcpd, httpd (apache.te), named, nscd, ntpd, portmap, snmpd, squid, # and syslogd [are protected]. A normal desktop shouldn't need httpd, named, or squid. Many of them won't need portmap or snmpd. A solo desktop on dial-up probably won't want dhcpd or ntpd (and almost certainly won't want portmap and snmpd). That leaves syslogd, which shouldn't be open to the network in these situations, and nscd. Which I've just realized I'm not even running... James. -- E-mail address: james | "Luck is my middle name," said Rincewind, @westexe.demon.co.uk | indistinctly. "Mind you, my first name is Bad." | -- Terry Pratchett, Interesting Times
