On Thu, 2007-06-07 at 22:13 +0800, a bc wrote: > how many of you activate selinux in fedora here? i know it will be > more security for the computer. is it useful on a desktop computer? > why does fedora 7 activate it as default? It became less painful around the era of FC4, I've since left it at the installation defaults. The usefulness of it will depend on how you use it, and what problems exist on your PC that *it* helps mitigate against. If you disable rather than configure things to solve a problem, it's useless. If you allow things blindly, rather than configure things properly, then it'd still be useless (i.e. deny something that should be denied, don't just allow things because they want it). It's on by default as a protective measure (e.g. like the firewall is). Hopefully any problems with it get reported, properly. That way, software that demands extra privileges gets examined, and rules created to allow what really is needed, or software re-compiled in a better way so that it doesn't demand something it doesn't really need, or doesn't do something in a stupid manner. -- (This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
