Forward looking to FC2 final and SELinux
Michael A. Peters
mpeters at mac.com
Tue Apr 6 19:42:10 UTC 2004
On Tue, 2004-04-06 at 12:21, Jesse Keating wrote:
> On Tuesday 06 April 2004 12:24, Michael A. Peters wrote:
> > Actually - I think desktops and general servers are where it is the
> > most beneficial. On the desktop, I think it can help prevent the
> > spread of worms from people who turn their firewall off, play with
> > sendmail, and don't patch. For the general servers, it helps prevent
> > compromise of one service from impacting another.
>
> General servers maybe. Workstations, where users add a plethora of
> third party software, almost all of it w/out any SELinux support
> (policy additions), can quickly become a mess, with the user usually
> just turning off SELinux completely rather than deal with the headache.
I see the point.
Perhaps the Fedora Packaging guidelines should be updated to deal with
this scenario so that third party packagers can fix their packages to
work with SELinux.
>
> Sure it's an option, but (non scientific) studies have shown that the
> defaults are what are used most often. My recommendation was to keep
> it as an option during the install, but leave the default as off.
I suspect even scientific studies would show the defaults are what are
used most often.
It definitely should be either permissive or off for the Workstation
button. IMHO.
--
Cheap Linux CD's - http://mpeters.us/linux/