Personal firewall replaced by SELinux?

Stephen Smalley sds at epoch.ncsc.mil
Tue Apr 20 13:17:59 UTC 2004


On Tue, 2004-04-20 at 08:29, David Balazic wrote:
> Since SELinux can control network access, is the personal firewall (the
> thing that is installed in simple workstation install, since FC1 IIRC, I
> don't know what its name is, I believe it is the kernel packet filter)
> obsoleted by it?

No.  The SELinux network access controls support enforcing a system
security policy over network communication by processes based on their
security attributes.  At present, they are limited by the lack of
labeled networking support, but can still be useful, e.g. for a guard
system.  But they aren't intended to act as a replacement for normal
packet filtering.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency





More information about the fedora-test-list mailing list