On Sat, 2006-04-01 at 17:48 -0800, Kam Leo wrote: > On 4/1/06, Craig White <craigwhite@xxxxxxxxxxx> wrote: > > On Sun, 2006-04-02 at 03:01 +0300, Caser wrote: > > > Hi to all, > > > is there any risk if i disable SElinux > > > i have only one user (of course with root) > > ---- > > SELinux is not just about systems with local account access but about > > security layering so that if one element is broken, the machine isn't > > necessarily completely compromised. > > > > Is there any risk if you disable SELinux? Yes > > > > Should you care is the question you are apparently asking - and the > > answer I would give you is yes but it's a determination you have to make > > yourself. > > > > Craig > > > > With SELinux disabled Fedora Core is no better nor worse in regards to > security than other Linux distributions such as SUSE, Debian, or > Ubuntu. ---- Is that really relevant? Did my mother always let me go out and play when my friends were out playing? SELinux stuff isn't hard. But it does take a few minutes of time and attention to deal with the 'blocks' that arise - but it is these 'blocks' that confirm why it's installed in the first place. Granted it's easier to shut it off and I'm sure that when you are groping for justification for shutting off a layer of security on your Linux box, your above makes sense. The layer of security is for your benefit. Heck - why not shut off iptables? ' /sbin/service iptables stop' that makes it easier to use too. The reason you don't turn off iptables is because common sense tells you that it's a mistake. The same common sense should apply to SELinux - regardless of whether Debian/SuSE/Ubuntu etc. includes it. Craig
