> It`s that in the *real world*, getting the immensely-complicated policy > machinery correct is next-to-impossible. And by correct, I mean > ``provides security, and never causes unwanted failures of > applications``. For the web servers I'm running it was a simple matter of reading the manual and relabelling the relevant content to indicate if it was web accessible. > A properly-configured Linux server, even without SELinux, but with other > security features like firewalling turned on, is likely secure-enough > in many environments. In some perhaps. The big cases it helps are desktop (mostly protecting against browser stuff) - where it usually just works, and web serving, where it's most definitely valuable but does mean reading the docs. Mind you people used to say weak passwords were ok, unencrpyted sessions were ok, putting . in your path was ok, file permissions were a nuisance so login as root. The threat model has changed and continues to evolve. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
