On 9/21/07, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Arthur Pemberton wrote:
>
> > SELinux is another layer of security, it isn't a replacement of any
> > security layers, I see no reason why anyone feels such apparent
> > hostility to this piece of technology.
>
> While I'm not hostile to SELinux,
> I'm also not convinced it actually gives any protection in the real world.
> I've never seen anyone say, "Thank God I was running SELinux,
> or I would have been in a mess".

So... would you like me to tell a story of why I like SELinux? And how
it saved me from my own weak sysadmin practices?

> I see at once from my logwatch that thousands of lunatics
> are hurling silly packets at my machine,
> and I'm grateful to shorewall for keeping them out.

Please. Let's keep firewalls out of the topic; SELinux is complementary
to firewalls.

> I suspect that at the moment SELinux is more of an advertising ploy,
> "Windows cannot be secured, but Linux can",
> than a useful defence against any real danger.

Your suspicions, while reasonable, are untrue.

> There probably will be a real danger in the future, if Linux thrives.
> So it is certainly a good idea to build up defences now.

The earlier we start, the better.

> Personally, I run SELinux in permissive mode,
> intending to see what it turns up - one day, when I have time ...

I either run it (in targeted mode) or I don't - I do on servers, don't
on desktops/laptops.

--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )