On Mon, Feb 11, 2008 at 11:16:04AM +0100, Valent Turkovic wrote: > Just to clarify. I'm interested how safe is fedora in general with this > king of exploits... and does my argument for not having selinux on > desktop fedora cd versions is justified. SELinux will stop a server exploit becoming a shell exploit becoming a root exploit via this in many cases. If you've got SELinux running you can also change the ruleset to say nobody running under SELinux can use vmsplice. In that sense it offers something. If your users run unconstrained and found out about it before you then it won't materially help. Alan -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
