Paul Howarth wrote: >> Which level of SELinux you recommend for a personal laptop? I mean, if >> you are not offering any service to internet or you don't have many users >> and stuff is it really necessary? > > I have SELinux enabled on *all* of my machines. But then I know how to > fix SELinux issues when they crop up. If it works for you when enabled, > you're better off having it, since it offers an additional layer of > protection. You don't need to have multiple users or to be offering > services on the Internet to get your machine compromised. I must admit I have taken the opposite tack. I enabled SELinux for a while, but it caused several problems (which unlike Paul I had difficulty solving) and in the end I decided the tiny amount of protection it offered was simply not worth the hassle. I'm running shorewall on my desktop (connected to the internet) and it seems to me - though I am no expert - that this offers sufficient security for my purposes. I have a sneaking suspicion that SELinux is put forward, to some extent, as a kind of window-dressing to support the argument that Linux is safer than Windows. -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland