On Saturday 22 January 2011 22:53:26 peter_someone wrote: > Am 2011-01-22 22:20, schrieb Marko Vojinovic: > > On Saturday 22 January 2011 15:03:46 Parshwa Murdia wrote: > >> After I install F14 (KDE), how should I disable SeLinux? Because more > >> of the time it gives alerts and it is highly technical in nature to > >> understand the SeLinux (for a normal person, not from computers). > > > > No you should not disable it. It is there to protect your system, and if > > you are not a technical person, leave it as it is and don't mess with > > it. > > I do wonder though - lots of distros don't use SELinux. Do they (say, > Debian) use something else instead? Meaning: can I assume that if I > disable SELinux and install I don't gufw or somethign equally simple > that Fedora will be less secure than before but still just as safe as > the next distro? Sorry, I didn't understand, what do you mean by "I don't gufw"? As for other distros, they are just reluctant to enable SELinux by default, I guess because they still don't have a well developed policy to use for enforced mode. Fedora has been actively developing the policy since FC2, ie. over 6 years now. I don't know if the policy can be easily shared across different distros. The alternative software is/was AppArmor, developed mainly by SuSE people (AFAIK), but recently Novell decided to "reduce" the number of people working on it (down to a one-man team, IIRC), and the former team leader went to work for Microsoft (!!!). You can read about it on the blog news, google them up. SuSE is now also offering a kernel with SELinux built in but disabled by default. Users who wish to try it out can enable it and create their own policy. Also, AFAIK, Ubuntu has been offering SELinux support for some time now, although it is also disabled by default. RHEL, and clones like CentOS and ScientificLinux have SELinux enabled and running by default, using the policy derived from Fedora. I wouldn't know about other distros. In general, it seems that SELinux is slowly getting adopted by many, if not all distros. And yes, I would say that distros which don't have SELinux in enforcing mode by default are indeed less secure than Fedora. So to answer your question, if you disable SELinux in Fedora, it will be as secure as any distro that doesn't use SELinux, which is *less* secure than with SELinux active. HTH, :-) Marko -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
