trying to understand SELinux message
Marko Vojinovic
vvmarko at gmail.com
Mon Nov 16 11:05:14 UTC 2009
On Monday 16 November 2009 05:22:34 Mr. Teo En Ming (Zhang Enming) wrote:
> You can try to disable SELinux in /etc/selinux/config or in
> /boot/grub/grub.conf.
>
[snip]
>
> You shouldn't start X server or login to GNOME as root.
Logging as root in X is certainly a bad idea, mainly for security reasons.
Disabling SELinux is an equally bad idea, also for those same security
reasons. Why do you advise for one and against the other? It looks
inconsistent to me.
The fact that OP broke one rule and logged in a GUI as root made the other
protection layer yell at him about that. And when he asks what is going on,
your advice is to shut down that other layer. But given that the OP is
apparently a newbie and is not aware of good security practices, this is quite
a Bad Idea, since it opens a door for him to break his system even more.
My advice would be to keep SELinux on, and refrain from using X as root. That
provides good system security (both from others and yourself).
Best, :-)
Marko
More information about the fedora-list
mailing list