On Sat, Feb 12, 2011 at 11:25:39 -0500, Darr <darr@xxxxxxxx> wrote:
> On Saturday, February 12, 2011 @12:46 zulu, Tim
> <ignored_mailbox@xxxxxxxxxxxx> scribed:
>
> > Well, it /could/ stop either threat, however we don't run SELinux
> > as tightly as it could be run.
>
> I'm not sure who "we" is, but I run it in restricted mode and rarely even
> get told something has mislabeled files... and when I do get such a message,
> an autorelabel and reboot nearly-always fixes it (I don't mind rebooting
> once a month or so... else I would SU - and change their context manually).
> I don't remember the last time I got an actual denial. More than a year ago,
> for sure.

I think you may have misunderstood the complaint. I believe he was suggesting that the rules being enforced by selinux are not tight enough to stop some of the issues when people are tricked into running trojans. Most of selinux enforcement is targeted at services and a few user tools that commonly process untrusted data (in particular firefox). There is also a generic sandbox setup, but people have to actively use it (or configure their tools to use it).
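
An added illustration, not part of the original message: one way to see the point about targeted enforcement is to list which processes run in an unconfined domain according to `ps -eZ`. The sample output, the process names in it and the `UNCONFINED_TYPES` set are constructed assumptions for this sketch.

```python
import collections

# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS_EZ = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:02 init
system_u:system_r:httpd_t:s0      912 ?        00:00:01 httpd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1010 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2001 pts/0 00:00:00 bash
unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 2050 ? 00:00:09 plugin-container
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2107 pts/0 00:00:00 downloaded-tool
unconfined_u:unconfined_r:sandbox_t:s0:c112,c580 2230 pts/0 00:00:00 evince
"""

# Assumption: types treated here as "no meaningful confinement".
UNCONFINED_TYPES = {"unconfined_t", "unconfined_service_t"}


def parse_ps_ez(text):
    """Yield (selinux_type, pid, command) for each process line."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[0] == "LABEL":
            continue  # header or short line
        # Context is user:role:type:level; the level may itself contain ':'.
        parts = fields[0].split(":", 3)
        if len(parts) < 3 or not fields[1].isdigit():
            continue  # "-" label (SELinux disabled) or malformed line
        yield parts[2], int(fields[1]), fields[4]


def unconfined_processes(text):
    """Return (pid, command) pairs for processes in an unconfined domain."""
    return [(pid, cmd) for t, pid, cmd in parse_ps_ez(text)
            if t in UNCONFINED_TYPES]


def domain_counts(text):
    """Count processes per SELinux type."""
    return collections.Counter(t for t, _, _ in parse_ps_ez(text))


if __name__ == "__main__":
    for pid, cmd in unconfined_processes(SAMPLE_PS_EZ):
        print(f"unconfined: pid={pid} cmd={cmd}")
    print(dict(domain_counts(SAMPLE_PS_EZ)))
```

On a live system the same functions can be fed the text returned by `ps -eZ`; anything a user starts from the shell without the sandbox shows up in the unconfined list.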