On Fri, 21 Sep 2007 15:52:51 -0400, David Boles wrote: [....] > SELinux, if I understand it correctly, is not really made to prevent > *you* from doing anything but to stop some piece of malicious or poorly > written software from trashing your system, files, 'stuff' by doing > something that is wrong. The Windows type keylogger that will someday > show up in Linux. Or SPAM relay 'bots. The cute little script that > trashes fstab. Or grub.conf. Things like these. All made up? Sure. But > coming soon to a Linux near you. ;-) Could be. It would be nice if > the 'protection' was here first instead of what Windows has. Which is > pretty much nothing. [...] > I will tell you this. The GUI for SELinux in what will be Fedora 8 is > nice and very helpful and much progress has been made in general. That > could account for the little traffic that you mentioned seeing on the > selinux-list. > > You want SELinux off? Go for it. Your choice. I want SELinux on. My > choice. > > Disabled SELinux does nothing. And the 'horrible waste of HD space' is > about, as near as I can tell something in the neighborhood of 140K. > About the size of this email maybe? ;-) This whole discussion has been very helpful; the comparison of space to one email is especially so. My thanks to all! And I'll take a good look at the new GUI when I install F8, before I do any disabling. What is nice and helpful to those who know the most may or may not be so to those of us on the other end of the teeter- totter; but I'll keep my hopes up. Here's a quote from some starlet I know nothing else of : "I try to be cynical, but I just can't keep up." Make that "paranoid" instead of "cynical" and you have the case of those like me who so abominate M$ and all its works (and, in some cases, ditto Apple) that we run without really knowing how to tell whether we've been compromised, nor what to do if we are. The best solution I know of is to run every defense you can and still be able to operate; hence my reluctance to eliminate SELinux any sooner. But defenses you can't run also interfere; and up till now I'm quite sure I can't begin to "run" SELinux in any way worth the name. It remained present, if not active, so long as it didn't get in the way; it was all those irritating popups, beyond my understanding, that led me to disabling. I hope they're either gone, or a lot more helpful ... -- Beartooth Staffwright, PhD, Neo-Redneck Linux Convert Remember I know precious little of what I am talking about.
