Why do I need SELinux?
Rahul Sundaram
rahulsundaram at gmail.com
Sun Feb 20 17:17:26 UTC 2005
Hi
> It seems pretty good. However, a good defense-in-depth practice is to
> combine several layers of protection. SELinux is a good layer, although
> it creates a lot of complexity which may not be desirable in all
> scenarios.
the complexity comes from the flexibility of Apache. a policy that
protects apache with all of its flexibility but still restricts it is
bound to be complicated. You should be able to run apache under
targetted policy pretty easily. If you do have problems then read the
documentation given
http://fedora.redhat.com/docs/selinux-faq-fc3/
If that does not resolve your particular issue start a discussion in
the fedora selinux list.
the question you should be asking yourself when its comes to security
is not just why but also why not
--
Regards,
Rahul Sundaram
More information about the fedora-list
mailing list