Re: Conflicted about SELinux; need advice

On Mon, 2004-11-15 at 23:18 +0000, James Wilkinson wrote:
> Marc Schwartz wrote:
> > Ultimately, it is your call, but I would not use the "I am not running
> > servers" argument as the basis for using or not using SELinux. More
> > security is a good thing, even on a desktop.
> 
> Mind you, the default targeted policy might not buy you much on a
> "normal" desktop.
> 
> http://fedora.redhat.com/docs/selinux-faq-fc3/ says:
> 
> # dhcpd, httpd (apache.te), named, nscd, ntpd, portmap, snmpd, squid,
> # and syslogd [are protected].
> 
> A normal desktop shouldn't need httpd, named, or squid. Many of them
> won't need portmap or snmpd. A solo desktop on dial-up probably won't
> want dhcpd or ntpd (and almost certainly won't want portmap and snmpd).
> 
> That leaves syslogd, which shouldn't be open to the network in these
> situations, and nscd. Which I've just realized I'm not even running...


No disagreement, though it does provide an easy transition for someone
who wants to begin to learn SELinux while operating in a relatively
basic and unobtrusive environment.

It would have been much more frustrating under FC2 with strict policy
enforcement.  :-)

Marc


