On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> Hi,
> I believe that SELinux is a great linux server security hardening tool
> but that has little use in desktop linux usage and it confuses
> ordinary desktop users.
It is of great use in a desktop spin. On my 'desktop' install for my
laptop I have many many system daemons running under a confined domain
auditd
console-kit-daemon
crond
cupsd
dbus-daemon
hald
init
libvirtd
NetworkManager
rklogd
rpcbind
rpc.statd
rsyslogd
/sbin/dhclient
/sbin/mingetty
/sbin/udevd
/usr/bin/nm-vpnc-service
/usr/sbin/acpid
/usr/sbin/dnsmasq
/usr/sbin/gdm-binary
/usr/sbin/hcid
/usr/sbin/smartd
/usr/sbin/sshd
/usr/sbin/wpa_supplicant
> If it hasn't been discussed before I would like to propose that on
> desktop cd spin SELinux is not installed by default, of course after
> discussion and approval from you (fedora devels).
No. SELinux provides very real & important protection for desktop users.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
Yes, it protect internet connection from being shared, protects system from drivers, needed for some hardware and protects system from everything useful.
It's question of policy, but SELinux on LiveCD maked me stupid in my brother's eyes.
I wanted to show him internet connection sharing via superb user friendly tool, which appeared in F8, but SELinux blocked my changed... Nice.
--
Jakub 'Livio' Rusinek
http://liviopl.jogger.pl/
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
