On 11/17/2009 03:05 AM, Ian Malone wrote: > 2009/11/16 Tim <ignored_mailbox@xxxxxxxxxxxx>: >> On Mon, 2009-11-16 at 13:56 +0800, Mr. Teo En Ming (Zhang Enming) wrote: >>> Well, for home or personal use systems, you don't really need SELinux. >>> SELinux is for mission critical servers. >> >> Until you do something that SELinux would have protected you from... >> >> People do actually do things that need securing, on home computers (do >> their banking, etc.). Just browsing the internet and reading your mail >> are the two major points of breakdown on the Windows world, and I'd like >> it if that problem doesn't migrate over to Linux, as well. >> > > SELinux is not going to protect you from phishing or cross site > scripting attacks. It's not going to offer much protection for just > browsing the internet. > > On the other hand, disabling it is often part of my troubleshooting > process and I've had times (even with F11) when that has been > necessary just to get a working system. I'll aim to get things > working 'properly' (i.e. with it on) again, but to see disabling > SELinux equated with running as root elsewhere in this thread is a bit > surprising. > I don't want to get embroiled in the debate. I would like to point out a little paper I wrote call SELinux four things. Where I try to describe the 4 things that can cause SELinux to complain, and how to remedy them. http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf SELinux has many ways that can fairly easily be customized to reach your security goals, if you understand what SELinux is doing. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
