Securing FC 4

[AragonX]

<quote who="Paul Howarth">
> I'd still say so. Unless one "security feature" is complete subset of
> another one, using that feature should enhance security (i.e. the more
> layers of defences the better).
>
> Regarding SELinux, I'd still try to get to grips with it if I was you
> (if not now, as a longer-term project). It's actively supported in
> Fedora and is only likely to get better and easier to manage as time
> goes on. I found http://fedora.redhat.com/docs/selinux-apache-fc3/ to be
> a very useful guide, including tips on customising policy.

Well, since SELinux and LIDS both provide ACLs, they offer basically the
same type of security.  I do not believe it's possible or even reasonable
to have two ACL systems at the same time.

In addition to the problem with complexity, SELinux has licensing issues
that make it less desirable.   Check here:

http://security.linux.com/security/05/03/11/2313226.shtml