SELinux removed from desktop cd spin?
Daniel P. Berrange
berrange at redhat.com
Wed Jan 16 20:25:54 UTC 2008
On Wed, Jan 16, 2008 at 09:19:38PM +0100, Valent Turkovic wrote:
> On Jan 16, 2008 9:03 PM, Daniel P. Berrange <berrange at redhat.com> wrote:
> > On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> > > Hi,
> > > I believe that SELinux is a great Linux server security hardening tool
> > > but that has little use in desktop Linux usage and it confuses
> > > ordinary desktop users.
> > It is of great use in a desktop spin. On my 'desktop' install for my
> > laptop I have many many system daemons running under a confined domain
> You, of course, will always have the ability to choose to install it
> and use it.
> > > If it hasn't been discussed before I would like to propose that on
> > > desktop cd spin SELinux is not installed by default, of course after
> > > discussion and approval from you (fedora devels).
> > No. SELinux provides very real & important protection for desktop users.
> Can you give me examples of this protection over fedora 9 without
> SELinux or with SELinux in permissive mode?
Yes. SELinux mitigated against the recent HPLIP security flaw which
would have allowed arbitrary code execution as root.
There have been other similar scenarios where security flaws have been
prevented, or their damage mitigated by presence of SELinux.
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|