SELINUX - Why?

[Timothy Murphy]

Paul Howarth wrote:

> I skipped SELinux at FC2 time (wisely, i sppears), but made an effort to
> learn about it for FC3, and am learning more in FC4. It's non-trivial,
> sure, but not as difficult to get your head round as it might first seem
> I think, particularly if you're using the targeted policy rather than
> strict.

I guess my experience was slightly similar, on a lower leve.
I installed FC-4 on an Athlon64 machine (x86_64 distribution),
and found that selinux caused serious problems.
Since I already had enough problems with this machine
(basically, I couldn't compile the kernel)
I disabled selinux for a start.

Doubtless I could and perhaps should have gone through selinux policy,
but when I looked quickly at the documentation
I decided this was not a fruitful way to spend my time.

I'm just a Fedora "user", and don't set my sights very high.
I use my computers for other purposes,
and if they work I'm usually pretty happy.

I run shorewall on the desktop connected to the real world,
and that seems to give reasonable security.
Logwatch tells me that naughty people in Korea and China
are hitting me with a few thousand packets a day -
couldn't George Bush spare a few missiles to nuke them? -
but as far as I can see they are not getting through.
Anyway they seem to think I am running Windows.

I'll probably get round to trying selinux at some point,
but it is not top of my ToDo list ...




-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland