Douglas McClendon wrote:
Then of course there is the good ol SELinux... For those multitude of
situations when the cost benefit equation suggests forgoing the ~7%
performance and ~7% cdrom space hit. (though I truly welcome any
verbose response explaining lots of examples of how SELinux protects me
when I'm just web browsing from a desktop with no exposed ports/services)
There is no recent benchmarking done on what the performance cost is and
it is likely to vary widely depending on how you use it. Fedora 7 has
SELinux profiles for browsers too limiting the amount of damage in any
exploit.
Rahul