trying to understand SELinux message
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 17 13:04:00 UTC 2009
On 11/17/2009 03:05 AM, Ian Malone wrote:
> 2009/11/16 Tim <ignored_mailbox at yahoo.com.au>:
>> On Mon, 2009-11-16 at 13:56 +0800, Mr. Teo En Ming (Zhang Enming) wrote:
>>> Well, for home or personal use systems, you don't really need SELinux.
>>> SELinux is for mission critical servers.
>>
>> Until you do something that SELinux would have protected you from...
>>
>> People do actually do things that need securing, on home computers (do
>> their banking, etc.). Just browsing the internet and reading your mail
>> are the two major points of breakdown on the Windows world, and I'd like
>> it if that problem doesn't migrate over to Linux, as well.
>>
>
> SELinux is not going to protect you from phishing or cross site
> scripting attacks. It's not going to offer much protection for just
> browsing the internet.
>
> On the other hand, disabling it is often part of my troubleshooting
> process and I've had times (even with F11) when that has been
> necessary just to get a working system. I'll aim to get things
> working 'properly' (i.e. with it on) again, but to see disabling
> SELinux equated with running as root elsewhere in this thread is a bit
> surprising.
>
I don't want to get embroiled in the debate. I would like to point out a little paper I wrote call
SELinux four things. Where I try to describe the 4 things that can cause SELinux to complain, and
how to remedy them.
http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf
SELinux has many ways that can fairly easily be customized to reach your security goals, if you understand what
SELinux is doing.
More information about the fedora-list
mailing list