SELinux

[Timothy Murphy]

Paul Howarth wrote:

>> Which level of SELinux you recommend for a personal laptop? I mean, if
>> you are not offering any service to internet or you don't have many users
>> and stuff is it really necessary?
> 
> I have SELinux enabled on *all* of my machines. But then I know how to
> fix SELinux issues when they crop up. If it works for you when enabled,
> you're better off having it, since it offers an additional layer of
> protection. You don't need to have multiple users or to be offering
> services on the Internet to get your machine compromised.

I must admit I have taken the opposite tack.
I enabled SELinux for a while, but it caused several problems
(which unlike Paul I had difficulty solving)
and in the end I decided the tiny amount of protection it offered
was simply not worth the hassle.

I'm running shorewall on my desktop (connected to the internet)
and it seems to me - though I am no expert -
that this offers sufficient security for my purposes.

I have a sneaking suspicion that SELinux is put forward,
to some extent, as a kind of window-dressing
to support the argument that Linux is safer than Windows.


-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland