A great article on why to use SeLinux

max bianco maximilianbianco at gmail.com
Fri Feb 29 17:12:02 UTC 2008


On Fri, Feb 29, 2008 at 9:48 AM, Thompson Freeman <tfreeman at intel.digichem.net> wrote:

> On 02/29/2008 09:32:06 AM, Patrick O'Callaghan wrote:
> > On Fri, 2008-02-29 at 08:41 +0000, klybear wrote:
> > > On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield wrote:
> > >
> > > > The only penetrations I've seen arrived by ssh. I don't think
> > > > selinux would have helped there; the sorts of restrictions I can
> > > > think of would also prevent the user from doing what users ought
> > > > be able to do such as download stuff (including email), sending
> > > > email and so forth.
> > >
> > > I'm a new full time linux user, having temped with one or two
> > > distros in the past, and I have to say that my experience of
> > > selinux has been frustrating. I never had any Selinux issues with
> > > Ubuntu or Debian, but since using Fedora, three of the four
> > > problems I've solved so far turned out to be related to selinux
> > > permissions and the fourth one I'm still working on :)
> >
> > AFAIK Selinux is disabled by default in Ubuntu and Debian. Note that
> > you can also disable it (or limit it to warnings) in Fedora.
> AFAIK, Ubuntu is applying Apparmour(sp??), not selinux.
> IMHO apparmour has some security value but not a whole lot
> due to a more limited coverage. YMMV of course, and I'm
> making no warranty or anything else here.
>
>
>
>
I used openSUSE for a while and I wasn't impressed by AppArmor. I switched
to Fedora largely because I wanted to learn the ins and outs of SELinux. I
expected a lot of trouble out of it but haven't had more than a peep or two.
I run it on three machines of my own (Fedora 8) now and I have installed it
for two people who don't care what OS they have and they haven't had any
issues to date with their standard desktop configs. Granted they are not
power users or anything but personally I think it's ready for everyone to
have because the odds are they won't notice it. People who use unusual
configurations or are power users may run into an issue but I would expect a
power user to be able to troubleshoot it without much difficulty. All my
trouble has been caused by my own tinkering with this or that but all of it
has been easily resolved. Perhaps I'm the exception??


Max