Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Why do the supposed selinux functions, if 10,000% less important than a 
> firewall (my personal estimation anyway) seem to take 10,000 times more 
> maintenance than the far more important firewall?

They solve a harder problem. And actually when we first turned on
firewalling by default a similar thing occurred until howtos and the like
to tweak it appeared

Its solving a very different problem. Firewalls stop attacks against the
host from outside inwards. Modern attacks are all based on things like
web page flaws, and user stupidity because both of those bypass firewalls.

Since the bad guys can't get in via services they wait for you to come to
them and try and break through your web browser, or they mail you and try
to break your mail client or have you do dumb things like save a PDF file
then read it with acroread without forcing safe mode.

SELinux helps contain these types of attack. Its one of about five
differing things going on - all of which broke something on the way - NX
broke miswritten apps, non-exec elsewhere broke stuff, and so on.

Alan


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux