SELinux

Paul Howarth paul at city-fan.org
Fri Jun 9 14:48:43 UTC 2006


Gregory P. Ennis wrote:
> On Fri, 2006-06-09 at 14:24 +0100, Paul Howarth wrote:
> 
> 
>> SELinus is far from being window-dressing; when configured properly it 
>> is capable of restricting each process to the minimum capabilities that 
>> that process needs to do its job, and most exploits require that 
>> processes be circumvented to so something else, hence SELinux offers 
>> protection against those exploits.
>>
>> Paul.
>>
> 
> I really like the idea of SELinux, but have had to turn it to permissive
> mode until I can learn how to tweak it for my purposes.  I just have not
> had the time to do this yet.  Are their tutorials you would recommend.
> On one of my trips to Barnes and Knoble I looked for some published work
> on SELinux but could not find anything.

You'll struggle to find anything in print that's up to date. Probably 
the best place to start is:

http://fedoraproject.org/wiki/SELinux

Paul.




More information about the fedora-list mailing list