Re: SeLinux, should I disable it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 22 January 2011 22:53:26 peter_someone wrote:
> Am 2011-01-22 22:20, schrieb Marko Vojinovic:
> > On Saturday 22 January 2011 15:03:46 Parshwa Murdia wrote:
> >> After I install F14 (KDE), how should I disable SeLinux? Because more
> >> of the time it gives alerts and it is highly technical in nature to
> >> understand the SeLinux (for a normal person, not from computers).
> > 
> > No you should not disable it. It is there to protect your system, and if
> > you are not a technical person, leave it as it is and don't mess with
> > it.
> 
> I do wonder though - lots of distros don't use SELinux. Do they (say,
> Debian) use something else instead? Meaning: can I assume that if I
> disable SELinux and install I don't gufw or somethign equally simple
> that Fedora will be less secure than before but still just as safe as
> the next distro?

Sorry, I didn't understand, what do you mean by "I don't gufw"?

As for other distros, they are just reluctant to enable SELinux by default, I 
guess because they still don't have a well developed policy to use for 
enforced mode. Fedora has been actively developing the policy since FC2, ie. 
over 6 years now. I don't know if the policy can be easily shared across 
different distros.

The alternative software is/was AppArmor, developed mainly by SuSE people 
(AFAIK), but recently Novell decided to "reduce" the number of people working 
on it (down to a one-man team, IIRC), and the former team leader went to work 
for Microsoft (!!!). You can read about it on the blog news, google them up.

SuSE is now also offering a kernel with SELinux built in but disabled by 
default. Users who wish to try it out can enable it and create their own 
policy.

Also, AFAIK, Ubuntu has been offering SELinux support for some time now, 
although it is also disabled by default.

RHEL, and clones like CentOS and ScientificLinux have SELinux enabled and 
running by default, using the policy derived from Fedora.

I wouldn't know about other distros.

In general, it seems that SELinux is slowly getting adopted by many, if not 
all distros. And yes, I would say that distros which don't have SELinux in 
enforcing mode by default are indeed less secure than Fedora. So to answer 
your question, if you disable SELinux in Fedora, it will be as secure as any 
distro that doesn't use SELinux, which is *less* secure than with SELinux 
active.

HTH, :-)
Marko

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux