Re: Why do I need SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



HI

> But does _everyone_ need SELinux?
> I'm willing to be convinced, but I haven't been yet.

it can prove itself beneficial to everyone. The selinux policies that
ship as default in fc3 might not be as useful for a typical home user
as much as a server but the amount of configuration that you have to
do to get it up and running is near zero.

> 
> (1) Am I deluded in thinking myself reasonably safe?

no. you are pretty much safe with your setup but SELinux can still act
as a internal firewall by preventing your programs from stepping into
each other toes.

> 
> (2) It also seems to me that if someone did succeed in getting in
> they would very probably have superuser privileges,
> and so could counteract SELinux if they wanted to?
> 

Not true. it depends on the method used to get into your system. by
running SELinux you are limiting the amount of privelages that you
have to give for a program. think of it as  chroot on steroids


> So for both these reasons (but mainly (1))
> I remain unconvinced that SELinux has anything to offer _me_.
> And what is more, it seems to me that the same will apply
> to most home users,
> who I assume are not running web servers accessible by the world.
> 
> 


I would admit that for a typical home user SELinux in its current form
in FC3 might not offer huge advantages but I would suggest you still
get it up and running. If you do have problems then its pretty easy to
turn off protection for specific deamons and then report your issues
to bugzilla or fedora selinux list.


Of course if you arent feeling convinced then continue with what you
feel is the right thing to do





-- 
Regards,
Rahul Sundaram


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux