Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Timothy Murphy wrote:
Paul Howarth wrote:

Which level of SELinux you recommend for a personal laptop? I mean, if
you are not offering any service to internet or you don't have many users
and stuff is it really necessary?
I have SELinux enabled on *all* of my machines. But then I know how to
fix SELinux issues when they crop up. If it works for you when enabled,
you're better off having it, since it offers an additional layer of
protection. You don't need to have multiple users or to be offering
services on the Internet to get your machine compromised.

I must admit I have taken the opposite tack.
I enabled SELinux for a while, but it caused several problems
(which unlike Paul I had difficulty solving)
and in the end I decided the tiny amount of protection it offered
was simply not worth the hassle.

I'm running shorewall on my desktop (connected to the internet)
and it seems to me - though I am no expert -
that this offers sufficient security for my purposes.

It wouldn't protect you against a browser vulnerability triggered by visiting a malicious website. There are probably many other types of vulnerability that firewalls don't help with too.

(I'm a shorewall user myself too btw)

I have a sneaking suspicion that SELinux is put forward,
to some extent, as a kind of window-dressing
to support the argument that Linux is safer than Windows.

SELinus is far from being window-dressing; when configured properly it is capable of restricting each process to the minimum capabilities that that process needs to do its job, and most exploits require that processes be circumvented to so something else, hence SELinux offers protection against those exploits.

Paul.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux