Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Timothy Murphy wrote:
Paul Howarth wrote:

Which level of SELinux you recommend for a personal laptop? I mean, if
you are not offering any service to internet or you don't have many users
and stuff is it really necessary?
I have SELinux enabled on *all* of my machines. But then I know how to
fix SELinux issues when they crop up. If it works for you when enabled,
you're better off having it, since it offers an additional layer of
protection. You don't need to have multiple users or to be offering
services on the Internet to get your machine compromised.

I must admit I have taken the opposite tack.
I enabled SELinux for a while, but it caused several problems
(which unlike Paul I had difficulty solving)
and in the end I decided the tiny amount of protection it offered
was simply not worth the hassle.

I'm running shorewall on my desktop (connected to the internet)
and it seems to me - though I am no expert -
that this offers sufficient security for my purposes.

It wouldn't protect you against a browser vulnerability triggered by visiting a malicious website. There are probably many other types of vulnerability that firewalls don't help with too.

(I'm a shorewall user myself too btw)

I have a sneaking suspicion that SELinux is put forward,
to some extent, as a kind of window-dressing
to support the argument that Linux is safer than Windows.

SELinus is far from being window-dressing; when configured properly it is capable of restricting each process to the minimum capabilities that that process needs to do its job, and most exploits require that processes be circumvented to so something else, hence SELinux offers protection against those exploits.

Paul.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux