On 02/29/2008 09:32:06 AM, Patrick O'Callaghan wrote:
On Fri, 2008-02-29 at 08:41 +0000, klybear wrote:
> On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield
wrote:
>
> > The only penetrations I've seen arrived by ssh. I
don't think selinux
> > would have helped there; the sorts of restrictions I
can think of would
> > also prevent the user from doing what users ought be
able to do such as
> > download stuff (including email), sending email and so
forth.
>
> I'm new full time linux user, having temped with one or
two distros in
> the past, and I have to say that my experience of
selinux has been
> frustrating. I never had any Selinux issues with Ubuntu
or Debian, but
> since using Fedora, three of the four problems I've
solved so far turned
> out to be related selinux permissions and the fourth one
I'm still
> working on :)
AFAIK Selinux is disabled by default in Ubuntu and Debian.
Note that you
can also disable it (or limit it to warnings) in Fedora.
AFAIK, Ubuntu is applying Apparmour(sp??), not selinux.
IMHO apparmour has some security value but not a whole lot
due to a more limited coverage. YMMV of course, and I'm
making no warrentee or anything else here.
