HI > But does _everyone_ need SELinux? > I'm willing to be convinced, but I haven't been yet. it can prove itself beneficial to everyone. The selinux policies that ship as default in fc3 might not be as useful for a typical home user as much as a server but the amount of configuration that you have to do to get it up and running is near zero. > > (1) Am I deluded in thinking myself reasonably safe? no. you are pretty much safe with your setup but SELinux can still act as a internal firewall by preventing your programs from stepping into each other toes. > > (2) It also seems to me that if someone did succeed in getting in > they would very probably have superuser privileges, > and so could counteract SELinux if they wanted to? > Not true. it depends on the method used to get into your system. by running SELinux you are limiting the amount of privelages that you have to give for a program. think of it as chroot on steroids > So for both these reasons (but mainly (1)) > I remain unconvinced that SELinux has anything to offer _me_. > And what is more, it seems to me that the same will apply > to most home users, > who I assume are not running web servers accessible by the world. > > I would admit that for a typical home user SELinux in its current form in FC3 might not offer huge advantages but I would suggest you still get it up and running. If you do have problems then its pretty easy to turn off protection for specific deamons and then report your issues to bugzilla or fedora selinux list. Of course if you arent feeling convinced then continue with what you feel is the right thing to do -- Regards, Rahul Sundaram