Rahul Sundaram wrote: > oh please. I was discussing about the NEED of SELinux for everyone But does _everyone_ need SELinux? I'm willing to be convinced, but I haven't been yet. I think I am probably a typical home user, perhaps with a bit more equipment than normal. My connection to the outside world is through my desktop, and ADSL. I connect to my ISP by dhcp (and pppoe). I'm running shorewall standard two-interface setup on my desktop. As far as I can see, this means that no-one outside my system should be able to get in, and I certainly see hundreds of packets each day on LogWatch that have failed to get in through a large number of ports. (1) Am I deluded in thinking myself reasonably safe? (2) It also seems to me that if someone did succeed in getting in they would very probably have superuser privileges, and so could counteract SELinux if they wanted to? So for both these reasons (but mainly (1)) I remain unconvinced that SELinux has anything to offer _me_. And what is more, it seems to me that the same will apply to most home users, who I assume are not running web servers accessible by the world. -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
