On Fri, 2007-09-21 at 05:44 -0600, Karl Larsen wrote: > This whole thing reads to me that SELinux is the linux version of > Norton or Avguard to Windows. It will capture and keep the offending > file from doing it's worst. Well then, you're reading it wrong. That's not what SELinux does. > My friends with Windows cuss both software because it makes a mess > out of doing normal things like installing new software. > > There are very few Linux users. There are millions of Windows users. > A guy writing a virus will write it for Windows every time! Now days > they are spending time in prison. It's not like root exploits don't happen in Unixland. The same guy might write a trojan that attempts to fool the web server into providing access that that server should never need to have access to. Or he might exploit a bug in Firefox for the same purpose. This is what SELinux is for. Not dealing with potential security risks because, at present, Linux seems like a small target sounds rather like burying our heads in the sand. > So I decided to turn off SELinux even though it was not the thing to > do according to the loader. I am glad I did so. I don't need the Norton > problem on my F7. Aren't you glad you have that prerogative? For your sake, I hope that the authors of all the programs you do use perform thorough security audits.