On Fri, Jun 08, 2007 at 11:13:47 +0200, Andreas Bernauer <fedora@xxxxxxxxx> wrote:
>
> After I have wasted 2h tracking a "bug" that was only caused by
> overly-restrictive SELinux policies, I disabled SELinux on my desktop.
> On a server, there may be a reason to leave it on, but I don't see how
> it helps me on my desktop more than it restricts me.

It allows you to run programs that don't have your full privileges. This can be useful if you run code you don't really trust. An example would be commercial software that may have phone home code in it.

Setting up custom contexts would take a lot of up front time, but eventually someone will probably have a few useful ones set up that you can use. Eventually all of the clients that commonly look at data from foreign locations will have their own contexts and that will protect you from bugs in those programs.