Selinux under FC-4 ?
Colin Walters
walters at redhat.com
Thu Mar 31 02:39:49 UTC 2005
On Thu, 2005-03-31 at 02:15 +0100, Timothy Murphy wrote:
> Stephen Smalley wrote:
>
> >> Will I be able to turn off selinux under FC-4 ?
> >>
> >> Life is hard enough without inventing problems ...
> >
> > You should always be able to turn it off during the install or
> > subsequently using system-config-securitylevel. No plans to change that
> > AFAIK. But I'm not sure what you mean by the latter statement.
>
> While selinux is probably important for big systems,
> I don't think it offers much for a home user like myself.
> It's possible, I suppose, that someone might get through my firewall
> (shorewall) but it doesn't seem very likely,
> as I don't run any services visible from outside.
The real threat for your kind of system has always really been flaws in
programs like firefox, movie players, image loaders, etc., not network
daemons. While it's true that in Fedora right now the targeted SELinux
policy does not confine those programs, in the future it will.
Disabling it now will also disable the protection we will add in the
future.
For a home user system you're not likely running Apache HTTPD, so I
don't see why you have trouble with the current policy anyways.
More information about the fedora-selinux-list
mailing list