-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Les wrote: > So, please educate my friends and I. What does SELinux do? How does > it do it? Why is it so tightly bound to the OS? And by the way, what > do you want it to do for you? Hi Les, You have your name in the reply-to field so you and the list will see this. My complaint about this thread was that it was FUD and no one was really answering any of the questions. And like many threads it turned into a round robin of 'I think it does this - but I don't know' and such back and forth. For days. The questions and concerns where understandable. The answers were mostly FUD. A quick Google search for selinux brings up pages, many pages, of information about what selinux is and what it is for. Am I a SElinux expert? Certainly not. Those people are on a different fedora list. But I do understand what SElinux does. And why it does it. And what it is for. I will post these five hits from the very first Google page: http://fedoraproject.org/wiki/SELinux http://www.nsa.gov/selinux/ http://selinux.sourceforge.net/about.php3 http://en.wikipedia.org/wiki/SELinux http://www.nsa.gov/selinux/info/faq.cfm which will provide more information than you would probably need or care to read. But more answers than what you received in the several days of this thread. The advantage you, as a Linux user, has over say, a Windows user, is that this code is OSS. You can read the code if you wish. That is one of, if not the main, problems with proprietary video drivers for example. I don't know if you use them, many do. Since you can not read the code for, say for Nvidia drivers, just how do you know that they haven't put something in it? To use to spy on you? Melt your monitor? Eat your baby? ;-) You can't. Another thought. All Linux distributions will eventually have SElinux or one of several other similar systems. Many already do. Fedora since FC-3 and I think since FC-2 Is this a good thing? Better than not having it. Can you avoid this? Sure. Easily. Just don't use a computer. Or an ATM. Or a bank. Hmm... I guess not so easily avoided after all. This last paragraph was intended to be humorous. I hope that you take it this way. BTW. Note the tagline. ;-) - -- David Quis custodiet ipsos custodies? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFFsnCZAO0wNI1X4QERAgbzAJ9bfCeuahtbVHAFL3fiRZ+AS657dgCg4myG MZfvFv/zgbdmWJ62B4tBK0o= =19Py -----END PGP SIGNATURE-----