On 02/29/2008 09:32:06 AM, Patrick O'Callaghan wrote:
On Fri, 2008-02-29 at 08:41 +0000, klybear wrote:
On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield
wrote:
The only penetrations I've seen arrived by ssh. I
don't think selinux
would have helped there; the sorts of restrictions I
can think of would
also prevent the user from doing what users ought be
able to do such as
download stuff (including email), sending email and so
forth.
I'm new full time linux user, having temped with one or
two distros in
the past, and I have to say that my experience of
selinux has been
frustrating. I never had any Selinux issues with Ubuntu
or Debian, but
since using Fedora, three of the four problems I've
solved so far turned
out to be related selinux permissions and the fourth one
I'm still
working on :)
AFAIK Selinux is disabled by default in Ubuntu and Debian. Note that you can also disable it (or limit it to warnings) in Fedora.
AFAIK, Ubuntu is applying Apparmour(sp??), not selinux. IMHO apparmour has some security value but not a whole lot due to a more limited coverage. YMMV of course, and I'm making no warrentee or anything else here.