Do you use SELinux

Bruno Wolff III bruno at wolff.to
Fri Jun 8 14:47:25 UTC 2007


On Fri, Jun 08, 2007 at 11:13:47 +0200,
  Andreas Bernauer <fedora at lysium.de> wrote:
> 
> After I have wasted 2h tracking a "bug" that was only caused by
> overly-restrictive SELinux policies, I disabled SELinux on my desktop.
> On a server, there may be a reason to leave it on, but I don't see how
> it helps me on my desktop more than it restricts me.

It allows you to run programs that don't have your full privileges. This can
be useful if you run code you don't really trust. An example would be
commercial software that may have phone-home code in it. Setting up custom
contexts would take a lot of up-front time, but eventually someone will
probably have a few useful ones set up that you can use.

Eventually all of the clients that commonly look at data from foreign locations
will have their own contexts, and that will protect you from bugs in those
programs.



