Re: SeLinux, should I disable it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/22/2011 05:53 PM, peter_someone wrote:
> Am 2011-01-22 22:20, schrieb Marko Vojinovic:
>> On Saturday 22 January 2011 15:03:46 Parshwa Murdia wrote:
>>> After I install F14 (KDE), how should I disable SeLinux? Because more
>>> of the time it gives alerts and it is highly technical in nature to
>>> understand the SeLinux (for a normal person, not from computers).
>> No you should not disable it. It is there to protect your system, and if you
>> are not a technical person, leave it as it is and don't mess with it.
>>
>> Also, if you are using your computer just for ordinary desktop stuff, you
>> should never see any alerts.
>>
>> You might provoke alerts if you are setting up servers or custom 3rd party
>> software or messing around the filesystem with root privileges. However, in all
>> those circumstances you are expected to be a non-beginner, to know what you
>> are doing, and to be able to resolve any SELinux alerts as they come (or ask
>> someone for help). Otherwise SELinux should Just Work (tm), and you should not
>> see any issues with it.
>>
>> HTH, :-)
>> Marko
>>
> I do wonder though - lots of distros don't use SELinux. Do they (say,
> Debian) use something else instead? Meaning: can I assume that if I
> disable SELinux and install I don't gufw or somethign equally simple
> that Fedora will be less secure than before but still just as safe as
> the next distro?
>
> greetings,
> peter

I wouldn't.

If you are getting alerts, try the SELinux management tool. Better to 
allow those things that you are sure are safe for you to do, than to 
disable SELinux entirely.

When Fedora first offered SELinux, its management was clunky. Today it 
is seamless, or nearly so.

Actually, you should address your questions to the Fedora SELinux list. 
They take questions of this kind all the time. They'll ask you to 
specify what, exactly, you were doing, and the nature of the alert. Then 
they'll tell you how to work around it. (Though quite often they'll ask 
you why you are using some apparently misbehaved software.)

Understand this: security is all about whom do you trust, and what with, 
and how far.

Understand this also: the developers of That Other OS seem to know 
nothing about security, and that's why their OS is so vulnerable that 
one hears of at least one breach a month.

Take control of your system. A lot of folks here are ready to help you 
out. And Fedora's developers want to know the kinds of issues you're 
running into. If they didn't, then SELinux might have been abandoned 
long ago--but it has survived no less than twelve iterations. But they 
won't know unless you tell them--and "how do I disable such-a-thing" is 
not telling them; that's avoiding the issue. In this community, we face 
issues squarely, so that we have lasting solutions.

Temlakos
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux