SeLinux, should I disable it?
Marko Vojinovic
vvmarko at gmail.com
Sun Jan 23 01:16:44 UTC 2011
On Saturday 22 January 2011 22:53:26 peter_someone wrote:
> Am 2011-01-22 22:20, schrieb Marko Vojinovic:
> > On Saturday 22 January 2011 15:03:46 Parshwa Murdia wrote:
> >> After I install F14 (KDE), how should I disable SeLinux? Because more
> >> of the time it gives alerts and it is highly technical in nature to
> >> understand the SeLinux (for a normal person, not from computers).
> >
> > No you should not disable it. It is there to protect your system, and if
> > you are not a technical person, leave it as it is and don't mess with
> > it.
>
> I do wonder though - lots of distros don't use SELinux. Do they (say,
> Debian) use something else instead? Meaning: can I assume that if I
> disable SELinux and install I don't gufw or somethign equally simple
> that Fedora will be less secure than before but still just as safe as
> the next distro?
Sorry, I didn't understand, what do you mean by "I don't gufw"?
As for other distros, they are just reluctant to enable SELinux by default, I
guess because they still don't have a well developed policy to use for
enforced mode. Fedora has been actively developing the policy since FC2, ie.
over 6 years now. I don't know if the policy can be easily shared across
different distros.
The alternative software is/was AppArmor, developed mainly by SuSE people
(AFAIK), but recently Novell decided to "reduce" the number of people working
on it (down to a one-man team, IIRC), and the former team leader went to work
for Microsoft (!!!). You can read about it on the blog news, google them up.
SuSE is now also offering a kernel with SELinux built in but disabled by
default. Users who wish to try it out can enable it and create their own
policy.
Also, AFAIK, Ubuntu has been offering SELinux support for some time now,
although it is also disabled by default.
RHEL, and clones like CentOS and ScientificLinux have SELinux enabled and
running by default, using the policy derived from Fedora.
I wouldn't know about other distros.
In general, it seems that SELinux is slowly getting adopted by many, if not
all distros. And yes, I would say that distros which don't have SELinux in
enforcing mode by default are indeed less secure than Fedora. So to answer
your question, if you disable SELinux in Fedora, it will be as secure as any
distro that doesn't use SELinux, which is *less* secure than with SELinux
active.
HTH, :-)
Marko
More information about the users
mailing list