SeLinux, should I disable it?
peter_someone
dionysosjuenger at hotmail.com
Sun Jan 23 02:30:45 UTC 2011
Am 2011-01-23 02:16, schrieb Marko Vojinovic:
> On Saturday 22 January 2011 22:53:26 peter_someone wrote:
>> Am 2011-01-22 22:20, schrieb Marko Vojinovic:
>>> On Saturday 22 January 2011 15:03:46 Parshwa Murdia wrote:
>>>> After I install F14 (KDE), how should I disable SeLinux? Because more
>>>> of the time it gives alerts and it is highly technical in nature to
>>>> understand the SeLinux (for a normal person, not from computers).
>>> No you should not disable it. It is there to protect your system, and if
>>> you are not a technical person, leave it as it is and don't mess with
>>> it.
>> I do wonder though - lots of distros don't use SELinux. Do they (say,
>> Debian) use something else instead? Meaning: can I assume that if I
>> disable SELinux and install I don't gufw or somethign equally simple
>> that Fedora will be less secure than before but still just as safe as
>> the next distro?
> Sorry, I didn't understand, what do you mean by "I don't gufw"?
>
> As for other distros, they are just reluctant to enable SELinux by default, I
> guess because they still don't have a well developed policy to use for
> enforced mode. Fedora has been actively developing the policy since FC2, ie.
> over 6 years now. I don't know if the policy can be easily shared across
> different distros.
>
> The alternative software is/was AppArmor, developed mainly by SuSE people
> (AFAIK), but recently Novell decided to "reduce" the number of people working
> on it (down to a one-man team, IIRC), and the former team leader went to work
> for Microsoft (!!!). You can read about it on the blog news, google them up.
>
> SuSE is now also offering a kernel with SELinux built in but disabled by
> default. Users who wish to try it out can enable it and create their own
> policy.
>
> Also, AFAIK, Ubuntu has been offering SELinux support for some time now,
> although it is also disabled by default.
>
> RHEL, and clones like CentOS and ScientificLinux have SELinux enabled and
> running by default, using the policy derived from Fedora.
>
> I wouldn't know about other distros.
>
> In general, it seems that SELinux is slowly getting adopted by many, if not
> all distros. And yes, I would say that distros which don't have SELinux in
> enforcing mode by default are indeed less secure than Fedora. So to answer
> your question, if you disable SELinux in Fedora, it will be as secure as any
> distro that doesn't use SELinux, which is *less* secure than with SELinux
> active.
>
> HTH, :-)
> Marko
>
Thanks man - THAT'S what I wanted to know :)
More information about the users
mailing list