On Fri, 2007-09-21 at 10:40 -0500, Mike McCarty wrote:

> After a machine has been compromised, IMO it must be restored
> to a pre-compromise state. Trying to mitigate damage on a
> compromised machine is wrong-headed.

While that is *also* true (trying to mitigate damage), that's not the only purpose of SELinux. You've grabbed hold of one end of a multi-pronged stick, and you won't see the bigger picture. This is why you're getting a drubbing over the matter.

SELinux is no more *just* for mitigating compromised machines than a firewall is. It's another part of the armor protecting against that happening in the first place. You may well not have a "compromised" machine, but one that has a defect that may be exploitable.

SELinux is another part of the protective process, just like other protective software. Some use it to try and prop up their broken systems, others use it to help prevent their system being compromised in the first place.

-- 
[tim@bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.