Re: Correct xen domains path

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote:
> I've not heard a good reason to keep SELinux enabled, to be honest.
> For high sensitivity stuff, sure (much like using SEOS on Solaris for high
> sensitivity machines - eg those where third parties might have access).
> But as a general rule for all machines?  Why?

One of the major goals of SELinux is to restrict the impact of 0-day
vulnerabilities. If there is an ugly exploit for some network-facing
daemon, it is a good idea to restrict the potential damage as possible.
Besides that, due to the restrictions that SELinux imposes, it can also
catch a class of configuration errors that impact security.

Sure, it does not solve all security problems. But IMO it is a step
forward from running daemons with (nearly) the rights of a normal user.

-- Daniel

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux