SELinux removed from desktop cd spin?

Daniel P. Berrange berrange at redhat.com
Wed Jan 16 20:03:33 UTC 2008


On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> Hi,
> I believe that SELinux is a great linux server security hardening tool
> but that has little use in desktop linux usage and it confuses
> ordinary desktop users.

It is of great use in a desktop spin. On my 'desktop' install for my
laptop I have many many system daemons running under a confined domain

auditd
console-kit-daemon
crond
cupsd
dbus-daemon
hald
init
libvirtd
NetworkManager
rklogd
rpcbind
rpc.statd
rsyslogd
/sbin/dhclient
/sbin/mingetty
/sbin/udevd
/usr/bin/nm-vpnc-service
/usr/sbin/acpid
/usr/sbin/dnsmasq
/usr/sbin/gdm-binary
/usr/sbin/hcid
/usr/sbin/smartd
/usr/sbin/sshd
/usr/sbin/wpa_supplicant


> If it hasn't been discussed before I would like to propose that on
> desktop cd spin SELinux is not installed by default, of course after
> discussion and approval from you (fedora devels).

No. SELinux provides very real & important protection for desktop users.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 




More information about the fedora-devel-list mailing list