Re: Why do I need SELinux?

• To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
• Subject: Re: Why do I need SELinux?
• From: Rahul Sundaram <rahulsundaram@xxxxxxxxx>
• Date: Sun, 20 Feb 2005 22:47:26 +0530
• Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=mzywunvRLkHDNt5isfmCqKmZnQq207BTzYVEUJs7ERUkneR8kzBnereTzCT5uogiXwEVKb9X5RJeSf/6IZg7/YberjTCkfi0NfHh4v+c7Hi1QWZENfVzJEHgbGZwGcFCgMkHpaSRptn5Ly1l6t0+qd2oO4tj78rg/iY3Ye1xBog=
• In-reply-to: <[email protected]>
• List-archive: <https://www.redhat.com/archives/fedora-list>
• List-help: <mailto:[email protected]?subject=help>
• List-id: For users of Fedora Core releases <fedora-list.redhat.com>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
• References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
• Reply-to: Rahul Sundaram <rahulsundaram@xxxxxxxxx>, For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Hi

> It seems pretty good. However, a good defense-in-depth practice is to
> combine several layers of protection. SELinux is a good layer, although
> it creates a lot of complexity which may not be desirable in all
> scenarios.

the complexity comes from the flexibility of Apache. a policy that
protects apache with all of its flexibility but still restricts it is
bound to be complicated. You should be able to run apache under
targetted policy pretty easily. If you do have problems then read the
documentation given

http://fedora.redhat.com/docs/selinux-faq-fc3/ 

If that does not resolve your particular issue start a discussion in
the fedora selinux list.

the question you should be asking yourself when its comes to security
is not just why but also why not

-- 
Regards,
Rahul Sundaram

• References:
  • RH9 to Fedora
    • From: Bill McCormick
  • Re: RH9 to Fedora
    • From: Joel Jaeggli
  • Re: RH9 to Fedora
    • From: Timothy Murphy
  • Re: RH9 to Fedora
    • From: Rahul Sundaram
  • Why do I need SELinux?
    • From: Timothy Murphy
  • Re: Why do I need SELinux?
    • From: David Cary Hart
  • Re: Why do I need SELinux?
    • From: Felipe Alfaro Solana
  • Re: Why do I need SELinux?
    • From: Craig White
  • Re: Why do I need SELinux?
    • From: David Cary Hart
  • Re: Why do I need SELinux?
    • From: Felipe Alfaro Solana

• Prev by Date: Re: Minimum system requirements
• Next by Date: Re: Adding Correct Host Key
• Previous by thread: Re: Why do I need SELinux?
• Next by thread: Re: Why do I need SELinux?
• Index(es):
  • Date
  • Thread