Alan Cox alan at
Tue Aug 31 16:17:16 UTC 2010

> > If you use a web browser to view more than a short list of trusted sites,
> > you need selinux.
> >
> > If you run network services accessible from outside the machine then you
> > need selinux.
> >
> > If you run binaries from semitrusted groups (this includes most commercial
> > software) then you need selinux.
> You don't _need_ SELinux in any such cases.

I wouldn't dare run some of the web plugins without them being very very
constrained by a security tool. I'm not sure I trust some of the image
libraries either although the google audit work seems to be slowly
improving it.

Unfortunately application library security has taken a nasty turn for the
worse because any library exploit in a library also used on the iphone is
now being sat on by jailbreakers rather than reported.


More information about the users mailing list