On 03/05/2010 08:36 AM, Dominick Grift wrote:
> On 03/05/2010 08:38 AM, Robert Nichols wrote:
>> SELinux works well and unobtrusively if you use only the software that
>> comes with your distribution and don't go much beyond clicking on icons
>> in your use of it. My laptop falls into that category. I'm trying to
>> bring up a server right now, where SELinux would actually be useful,
>> but dealing with SELinux there is looking to be way beyond what I can
>> undertake.
>>
>
> That is because the user domain by default is for the most part exempt.
> Some system services are targeted, and managing this requires some
> knowledge/awareness about the matter.
>
> It's like Fedora default iptables/netfilter configuration. As long as you
> do not have any exotic services listening on the network or have any
> nat/routing requirements, things just work.
>
> Else you are required to have some knowledge about iptables or whatever
> you use to configure netfilter.

With iptables I am not faced with the task of understanding a huge and
complex base policy, let alone one that is constantly changing, plus
understanding a bunch of minimally documented commands before I can set
up my custom configuration.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.