Arthur Pemberton wrote:
I either run it (in targeted mode) or I don't - I do on servers, don't on desktops/laptops
Then we are agreed on this point, at least: If SELinux has benefit, then it is still an installation dependent issue whether the cost outweighs the benefit, or vice versa. I have a desktop which has exactly one LAN connected machine, my firewall. The firewall on the WAN side is connected exactly to one machine, an ADSL modem. It does not make sense to install and run software which one does not ever intend to use. Simply having it on the machine but disabled makes the machine potentially less secure, but gives no benefit. Even "disabled", it is present, and code is actively being executed, though I'm sure much less of it gets executed than otherwise. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} Oppose globalization and One World Governments like the UN. This message made from 100% recycled bits. You have found the bank of Larn. I can explain it for you, but I can't understand it for you. I speak only for myself, and I am unanimous in that!