On Fri, May 9, 2014 at 1:41 AM, alex diavatis <alexis.diavatis@xxxxxxxxx> wrote:
> From what David [1] said "Some underlying infrastructure our games rely on is incompatible with SELinux. We are hoping to correct this."
> So Steam users should disable SELinux or should stop using Steam, or Valve is going to be fully SELinux compatible?
> There are hundreds of ways that an application (un-intentionally) can do nasty exploitations, SELinux un-aware.
FYI,
Valve fixed their broken code after I (and a few others) made a lot of noise about it in the issue and on reddit.
Their code was broken from a security perspective. What they were doing could, theoretically, make it much easier for an attacker to get unauthorized access to your machine.
SELinux not only blocked the dangerous practice they were using, but also helped us (and them) understand it's dangerous, which prompted a fix which increased the security
of that part of their product, which is a fantastic thing.
You can read the info linked to in this issue for more technical explanations.
Either way, I think the consensus is that we are not going to disable/remove/cripple SELinux on our default offering.
Users who feel safe disabling OS security features can still do it, but I can't say I recommend this to anyone.
SELinux also provides features we really want to make use of in the future, namely secured sandboxes - a really useful and important feature.
-Elad Alfassa.
-- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop