Arthur Pemberton wrote: > Selinux is another layer of security, it isn't a replacement of any > security layers, I see no reason why anyone feels such apparently > hostility to this piece of technology. While I'm not hostile to SELinux, I'm also not convinced it actually gives any protection in the real world. I've never seen anyone say, "Thank God I was running SELinux, or I would have been in a mess". I see at once from my logwatch that thousands of lunatics are hurling silly packets at my machine, and I'm grateful to shorewall for keeping them out. I suspect that at the moment SELinux is more of an advertising ploy, "Windows cannot be secured, but Linux can", than a useful defence against any real danger. There probably will be a real danger in the future, if Linux thrives. So it is certainly a good idea to build up defences now. Personally, I run SELinux in permissive mode, intending to see what it turns up - one day, when I have time ...
