On 03/05/2010 08:36 AM, Dominick Grift wrote:
On 03/05/2010 08:38 AM, Robert Nichols wrote:
> SELinux works well and unobtrusively if you use only the software that
> comes with your distribution and don't go much beyond clicking on icons
> in your use of it. My laptop falls into that category. I'm trying to
> bring up a server right now, where SELinux would actually be useful,
> but dealing with SELinux there is looking to be way beyond what I can
> undertake.
>
That is because the user domain by default is for the most part exempt.
Some system services are targeted, and managing this requires some
knowledge/awareness about the matter.
Its like Fedora default iptables/netfilter configuration. As long as you
do not have any exotic services listening on the network or have any
nat/routing requirements, things just work.
Else you are required to have some knowledge about iptables or whatever
you use to configure netfilter.
With iptables I am not faced with the task of understanding a huge and
complex base policy, let alone one that is constantly changing, plus
understanding a bunch of minimally documented commands before I can
set up my custom configuration.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.