Why do I need SELinux?
Felipe Alfaro Solana
lkml at mac.com
Sun Feb 20 12:50:12 UTC 2005
On 19 Feb 2005, at 21:34, David Cary Hart wrote:
> On Sat, 2005-02-19 at 13:29 -0700, Craig White wrote:
>> ---
>> I don't think the daemons that serve pop3 or imap are likely to be
>> running as root but I guess that would probably depend upon which one
>> you are using.
>>
> No. Pop and imap run as dovecott. Our FTP is anonymous download only so
> there's nothing to hack. Apache seems adequately protected with per-
> directory permissions.
It seems pretty good. However, a good defense-in-depth practice is to
combine several layers of protection. SELinux is a good layer, although
it creates a lot of complexity which may not be desirable in all
scenarios.
More information about the fedora-list
mailing list