Rahul Sundaram wrote: >> I've always disabled SELinux, >> as I've never seen what advantages it could bring me, >> and it is clear from the newsgroups that it has caused lots of pain. > > > the targetted policy in fc3 should just work. if you need to learn > about the advantages there is a lot of docs regarding this online > > http://www.redhat.com/magazine/001nov04/features/selinux/ > http://fedora.redhat.com/docs/selinux-faq-fc3/ I've taken the liberty of changing the thread title, as this is not really related to upgrading from RH9 to FC3. I've skimmed through the two references above, and remain unconvinced that SELinux has anything to offer me, a fairly standard home Linux user. I connect to the world (by ADSL) through a desktop running shorewall, and I don't allow any access to this machine from outside. I have a number of other machines networked by Ethernet and WiFi to the desktop. I don't allow access to this system from outside, so it seems to me reasonably secure. More to the point, if someone did break in I'm not clear how SELinux would help. If the intruder could login as me he could destroy all my files, which would be very annoying, though not quite disastrous as I backup occasionally on another system. If the intruder could login as root I don't see how SELinux or anything else for that matter could save me. So I repeat that it is not clear how SELinux could help _me_. I'm sure that there are larger systems where the administrator does not know everyone on the system, when SELinux could be very useful. Equally, if people are offering httpsd or other services to external users, then SELinux may well have an important role. But not, it seems to me, for the simple home user. -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
