> Well, please educate me. All I hear from advocates is "more security" > without a concrete example. You mentioned the danger of emails get > stolen without SELinux. Please give me the scenario. So we can gauge > the risk. Simple example. Daemons running under selinux can only access the things they are expected to be accessing. So if I was to crack your httpd and try and execute a shell SELinux would block it. Standard file permissions have no notion of who is doing the action and in what context so would not save you. The biggest win for a lot of folks is web stuff. If I find a bug in a PHP script (which for most PHP is pretty much a given) that allows me to access arbitary files it will be a lot less useful under SELinux because only files labelled as http content can be accessed this way. If I manage to use a bug to add a new script to your machine via the web server I'll not be able to get it to run as a cgi because the web server isn't allowed to create cgi binaries. Again won't happen with just file permissions. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
