On 03/05/2010 08:38 AM, Robert Nichols wrote: > SELinux works well and unobtrusively if you use only the software that > comes with your distribution and don't go much beyond clicking on icons > in your use of it. My laptop falls into that category. I'm trying to > bring up a server right now, where SELinux would actually be useful, > but dealing with SELinux there is looking to be way beyond what I can > undertake. > That is because the user domain by default is for the most part exempt. Some system services are targeted, and managing this requires some knowledge/awareness about the matter. Its like Fedora default iptables/netfilter configuration. As long as you do not have any exotic services listening on the network or have any nat/routing requirements, things just work. Else you are required to have some knowledge about iptables or whatever you use to configure netfilter.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
