do I need SELinux?

linux r linuxr at gmail.com
Fri Nov 12 14:20:13 UTC 2004


On Fri, 12 Nov 2004 08:54:19 -0500, Craig <cs007fc at wowway.com> wrote:
> William Hooper wrote:
> 
> 
> > Michael A. Peters said:
> > [snip]
> >
> >>But there are still imho too many cases where it gets in the way of
> >>what the desktop user wants to do for me personally to recommend it to
> >>desktop users. You can see this in posts on the test list. Some of that
> >>may be user error, but it still gets in the way sometimes. Maybe by FC4.
> >
> >
> > Most of the posts to the test list about SELinux lately have been about
> > httpd issues (serving from users home directories, cgi scripts, etc.).  I
> > would argue that the average "desktop" system wouldn't have those issues.
> >
> > SELinux makes just as much sense on the desktop, because it is another
> > layer of permissions to keep you from making a mistake that will break
> > things.
> > 
> I completely agree. Remember that the default policy is "Targeted", which means that it targets
> controls/apps that allow your pc to share internal info with the outside world. This kind of added
> protection is always a good thing. It is important to remember that Red Hat made the decision long ago to
> distribute SE Linux, not Linux. Even if they were to foray into desktop sales again, they would do so with
> SE Linux, not Linux. It is the future be it server or desktop.
> 
> Craig
> 
> --
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> 
> mQGiBECyQJQRBACLIa2u3u3/F8Pm+g5QD4K8eCgIC6RX1oXmtI9ALe9NhbNDZrcy
> hYhInCwCifi1zhxZZ/Xu4zyavk8n96USoXylfVg2hAM/P3qLarbqMDvfVPyjtUFd
> 8lg+NV4SgJ1F0jtqebrXu76AjCIBmLybQ1BYMTWDxB4xSW8lYlJT9+/QDwCg3f0z
> 9knFKiyZbzp4gpJvl4wH8lMD/0iB5t4VQr0jkQ1R1nVFx8sL9DwDogJZ0SJHnHrq
> fiBb+rx4lCLyz00VHlxxNSFsYRnpmefqC4ywfFnyQ9WpVxt3sqJ18ncxW04X3+cc
> DHLwqLdW2IKjT9CY4buDqyV8dcOdvYbHR1qQ1dcecYq9fyGHlHYCOr2X5frAmRF4
> RcoRA/4oBXGKFhf2Q5ptguLHOce/2pzt2qoEL37IbSEATd2sjYE+HsDANzk+WXo9
> j4Cwwepio9JOJ1kQXeVo7D07HIIZyJuk/RAIh1ztQALk0sFFj2SPiurcRpze4gH0
> sn//CwlzY0swWaEoV0Jd/hALDvJvRQ+WZ+SVfJ5vfFKlGCowfrQxQ3JhaWcgU2hl
> cndvb2QgKFByaW1hcnkgS2V5KSA8Y3MwMDdsakB3b3d3YXkuY29tPoheBBMRAgAe
> BQJAskCUAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEOl3KJXc2eK43coAoIC+
> wnag2QF02yUMshL5jI4jyywbAJ4yDt9aacCfwTVPNXkkoU9kamjwZbkCDQRAskCp
> EAgA8PmuinHlAukukL99OvbZ+eQusvrPACuvOxgNr8seDiJ1OTI5XfrUjgbJHNV2
> K6x69vyui3j3BIKjyo1nq/AY6qrl4R39XuDylnvLr/I7P2tuUHDjy831E+S0suCz
> bEhRPxv42BnLkZP0ZdQteQn/bvDAHDJ0hMl21lau4PqU/sjQ7/yTGTUVGQhRQD1p
> 8RLbcnSsNbVrQvymBOLfzAC/jZn3EQ4pEm2qMrNXM4IRpcDrrOpkoMYyuBs4JkJ6
> 0jpZ9SVabCZU3ceGGs8JrB4Sdm9omHKeIrBzCs5QnyYVVCY//bJTAp7inLYYRj6g
> MmmLY4v35UXiCNmYfDYtYvLPFwAEDQgAz1aOHCkni2Vc62DIJJiYy9dQ+ZNxJH4y
> QBVAJ69HFLHwTfDpyIHCedKwQnTc/wFYghtypXCJkyBE1AsQispArtux2gXADc9C
> y6MR3pdOfCBNPf9152oNTYwaPFzUIm/OJfhyxT1gHRuGjb2F697YnlVEP5SKA7E5
> FeaZcg+d9FtBH/BUYpXzWvvE4mh3mfDJ/qwRJpK4qjhZncNSoiT7ZjX8LaNtvkK6
> aYQczNYV36pPGAe2GZ3MNWxtOYjLZJvmUw76ARPZn7Rt1jYdbXZJ3C0H+0BPEg+e
> 1MsA3z3xO7Y+20fQLBqQC+sUyQWzURv+sme3go7A4/XnfP35OzCnAohJBBgRAgAJ
> BQJAskCpAhsMAAoJEOl3KJXc2eK4WTQAnRX+0D+aIUSLYQ18xtqKUPQQQyphAJ0Z
> WmPi4ubVkt7NDFm0rIVJza2IRQ==
> =NGxD
> -----END PGP PUBLIC KEY BLOCK-----
> 
> 
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
 
 

The more security the better, right?  So is the answer to the original
question ('do I need SELinux') ---- 'If you are running FC you are
*already* running SELinux'  ??

Q.  If a person did a plain FCx install, are they already running
SELinux or do they have to update their kernel ?

Marc




More information about the users mailing list