Re: SELinux on single-user box?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ben Steeves wrote:

Hi Folks,

I'm not trying to start a flamewar or anything, this is an innocent question:

Is there any compelling reason to run SELinux on a home system that is
mainly "single-user" if you are running a well-configured firewall
with almost all services turned off or filtered?

SElinux is a second line of defense where security works through layers. SELinux strict policy in FC2 (disabled by default) would make the system much more secure but requires manual customisations depending on the usages. For FC3, Red Hat ( or more specific Dan Walsh) has come up with the SELinux targetted policy enabled by default where there were only a dozen deamons protected through SElinux which didnt make much of a difference in the desktop but also meant that it didnt get in your way and it didnt hurt to have to enabled it. FC4 has increased the number to 91 deamons where some of them do make a change for home users too. I dont think its obsolutely required in the sense that nothing *depends* on it but it would be a good idea to leave it on for the simple reason that it offers you security that no amount of firewalling would do. You can think of SELinux as a internal sandbox or firewall between applications themselves. Specifically its not just a server side security thing.

Hope that answers you

regards
Rahul


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux