SElinux
Rahul Sundaram
sundaram at fedoraproject.org
Sun Apr 2 02:05:35 UTC 2006
On Sat, 2006-04-01 at 17:48 -0800, Kam Leo wrote:
> On 4/1/06, Craig White <craigwhite at azapple.com> wrote:
> > On Sun, 2006-04-02 at 03:01 +0300, Caser wrote:
> > > Hi to all,
> > > is there any risk if i disable SElinux
> > > i have only one user (of course with root)
> > ----
> > SELinux is not just about systems with local account access but about
> > security layering so that if one element is broken, the machine isn't
> > necessarily completely compromised.
> >
> > Is there any risk if you disable SELinux? Yes
> >
> > Should you care is the question you are apparently asking - and the
> > answer I would give you is yes but it's a determination you have to make
> > yourself.
> >
> > Craig
> >
>
> With SELinux disabled Fedora Core is no better nor worse in regards to
> security than other Linux distributions such as SUSE, Debian, or
> Ubuntu.
In other words, assuming SELinux in the only thing that makes Fedora
security better, turning off SELinux would it no better than SUSE,
Debian or Ubuntu and if you turn off outgoing filters to a firewall then
you are no worse than Windows and thats the problem with defining
yourself in terms of the competition. Whether SELinux is good for
security of your system is better understood but reading about the
problem that is trying to solve which pretty much applies to any kind of
system.
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2730692
If you like a screencast,
http://www.redhat.com/v/swf/SELinux/
Other references at
http://fedoraproject.org/wiki/SELinux/
Rahul
More information about the fedora-list
mailing list