FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 03-31-2008, 11:37 PM
"Naheem Zaffar"
 
Default Fedora (again) forces me to disable SELinux

Not many servers seem to be sending smolt stats. (57% desktop, 20%
laptop, 21% "unknown", 1% server according to those pages add all
unknown to servers, and it is still only around 22% of reported
setups.)

>From those 50% that have it turned off, I would guess a lot have it
off because of either past needs, or for following a "guide" advising
this.

I have used SElinux as the default setting since it started. Apart
from a few cases (iirc, there were at some point conflicts with ntfs
mounts...) it has been almost plain sailing for me. (I am however,
mostly a windows user...)

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-31-2008, 11:40 PM
"Ahmed Kamal"
 
Default Fedora (again) forces me to disable SELinux

IMHO, it is much easier to keep selinux on for servers web or email ... etc, that it is for desktop style machine, where you expect to do anything and everything. But interactive users run in unrestricted specifically for that I guess!


On Tue, Apr 1, 2008 at 1:37 AM, Naheem Zaffar <naheemzaffar@gmail.com> wrote:

Not many servers seem to be sending smolt stats. (57% desktop, 20%

laptop, 21% "unknown", 1% server according to those pages add all

unknown to servers, and it is still only around 22% of reported

setups.)



>From those 50% that have it turned off, I would guess a lot have it

off because of either past needs, or for following a "guide" advising

this.



I have used SElinux as the default setting since it started. Apart

from a few cases (iirc, there were at some point conflicts with ntfs

mounts...) it has been almost plain sailing for me. (I am however,

mostly a windows user...)



--

fedora-devel-list mailing list

fedora-devel-list@redhat.com

https://www.redhat.com/mailman/listinfo/fedora-devel-list



--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-31-2008, 11:42 PM
"Jeff Spaleta"
 
Default Fedora (again) forces me to disable SELinux

On Mon, Mar 31, 2008 at 3:20 PM, Mark <markg85@gmail.com> wrote:

Hey,



I just installed the Fedora 9 Beta release and am doing a full system

update as we speak.

While downloading the updates nothing is wrong.. it just downloads and

that's it. But when installing the updates i get a ton of selinux

notices!! and this is just a default Fedora 9 beta followed by a yum

-y update.
Are you suggesting there are...bugs in the beta? That's an outrageous accusation to make!

Oh wait.. not it isn't.* I'm sure there a set of bugs tracking selinux
issues that you should probably check.* There's also the test
mailinglist where you could post avc messages and try to get other
people to help you figure out why you are seeing them and if the
underlying issue is a bug that has been fixed in a subsequent rawhide
update.

*

Also another issue that i noticed was when looking at a flash

animation in firefox.. when i want to play the animation selinux

(again) drops in and tells me i can't. (or i need to run a command to

get it working).
Is this adobe's proprietary flash perchance?*

-jef

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 03-31-2008, 11:52 PM
"Jˇhann B. Gu­mundsson"
 
Default Fedora (again) forces me to disable SELinux

We have to make sure the Gold does not contain any selinux
errors/notification

and sub sequel updates there after so the end user can be sure that when
he receives an selinux incident report that report is of *devious* behavior
not selinux (policies ) not keeping up with updates..

Best regard
Johann B.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 12:02 AM
Andrew Farris
 
Default Fedora (again) forces me to disable SELinux

Mark wrote:

Hey,

I just installed the Fedora 9 Beta release and am doing a full system
update as we speak.
While downloading the updates nothing is wrong.. it just downloads and
that's it. But when installing the updates i get a ton of selinux
notices!! and this is just a default Fedora 9 beta followed by a yum
-y update.


A few suggestions... first, this is beta software, so naturally the fresh beta
install is going to have some issues. Why wouldn't you expect that it is
possible selinux wouldn't play quietly in its corner right after you install...
yet you probably wouldn't think twice about a few little issues with gdm or
nautilus?


Now suggestions.
- To keep selinux running nicely on your desktop you need to relabel or
restorecon your files frequently, especially after any updates are done. If you
update selinux-policy or your kernel, immediately do 'touch /.autorelabel' and
then reboot... when you don't you're tempting selinux to annoy you with denials
(expected behavior).
- Use tmpfs for /tmp. This one suggestion from Dan Walsh has been very helpful
for my systems. Just add the following line to your /etc/fstab:

tmpfs /tmp tmpfs defaults 0 0

then do:
rm -Rf /tmp/*; reboot

Then remember that files in tmp are supposed to be temporary and don't save
large downloads, misc files, etc, in tmp... they will disappear at reboot, and
tmp is only 512Mb with tmpfs defaults.


- Run selinux-policy-targeted (the default, so don't change it) and then learn a
little bit about what denials mean, why they happen, and report those that you
cannot figure out. Use setroubleshoot and sealert. I've got lots of denials in
my audit database right now (actually 30+ of them are new today, for various
stuff I've been testing)... but not one of them has stopped me from 'doing real
work' on the system.


--
Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
revoked key 0xC99B1DF3 no longer used
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 12:24 AM
Mark
 
Default Fedora (again) forces me to disable SELinux

2008/4/1, Jeff Spaleta <jspaleta@gmail.com>:
>
>
> On Mon, Mar 31, 2008 at 3:20 PM, Mark <markg85@gmail.com> wrote:
> > Hey,
> >
> > I just installed the Fedora 9 Beta release and am doing a full system
> > update as we speak.
> > While downloading the updates nothing is wrong.. it just downloads and
> > that's it. But when installing the updates i get a ton of selinux
> > notices!! and this is just a default Fedora 9 beta followed by a yum
> > -y update.
>
> Are you suggesting there are...bugs in the beta? That's an outrageous
> accusation to make!
> Oh wait.. not it isn't. I'm sure there a set of bugs tracking selinux
> issues that you should probably check. There's also the test mailinglist
> where you could post avc messages and try to get other people to help you
> figure out why you are seeing them and if the underlying issue is a bug that
> has been fixed in a subsequent rawhide update.

Well i'm not saying that Fedora beta has selinux bugs. just that till
now my experience with selinux has been bad and i have to turn it off
to have a normally functional desktop.
And i've seen selinux for at least a few years now in distributions
and there is always something wrong (perhaps not a bug but it annoys
the user) so i doubt that it will ever get "normal" (at a point where
i can just use the desktop without selinux asking my attention).

>
> >
> > Also another issue that i noticed was when looking at a flash
> > animation in firefox.. when i want to play the animation selinux
> > (again) drops in and tells me i can't. (or i need to run a command to
> > get it working).
>
> Is this adobe's proprietary flash perchance?
>

Nope it isn't Fedora 9 (beta) gets some flash capable player in
firefox 3.. i didn't install adobe flash yet. The site i was looking
was: www.digg.com and than pressing the huge PLAY sign.

> -jef


2008/4/1, Andrew Farris <lordmorgul@gmail.com>:
> Mark wrote:
> > Hey,
> >
> > I just installed the Fedora 9 Beta release and am doing a full system
> > update as we speak.
> > While downloading the updates nothing is wrong.. it just downloads and
> > that's it. But when installing the updates i get a ton of selinux
> > notices!! and this is just a default Fedora 9 beta followed by a yum
> > -y update.
>
>
> A few suggestions... first, this is beta software, so naturally the fresh beta
> install is going to have some issues. Why wouldn't you expect that it is
> possible selinux wouldn't play quietly in its corner right after you install...
> yet you probably wouldn't think twice about a few little issues with gdm or
> nautilus?

I wouldn't find it strange to see bugs in nautilus/gdm/any other than
selinux strange. Selinux is just: Annoying, frustrating, irritating
and asking to be disabled. My selinux history tells me that this isn't
a bug.. it's just selinux.

>
> Now suggestions.
> - To keep selinux running nicely on your desktop you need to relabel or
> restorecon your files frequently, especially after any updates are done. If you
> update selinux-policy or your kernel, immediately do 'touch /.autorelabel' and
> then reboot... when you don't you're tempting selinux to annoy you with denials
> (expected behavior).
> - Use tmpfs for /tmp. This one suggestion from Dan Walsh has been very helpful
> for my systems. Just add the following line to your /etc/fstab:
> tmpfs /tmp tmpfs defaults 0 0
>
> then do:
> rm -Rf /tmp/*; reboot
>
> Then remember that files in tmp are supposed to be temporary and don't save
> large downloads, misc files, etc, in tmp... they will disappear at reboot, and
> tmp is only 512Mb with tmpfs defaults.
>

First: it requires a reboot which should not be the case for ANY linux
based program unless it has a good reason. Windows == reboots afer
every update. Don't follow that path on linux!

Second: it requires me to INVESTIGATE the issues, find solutions and
fix it. Sorry to tell but that's not my job nor am i willing to do it
and it requires a lot of time to fix issues that should not even
exist.

Third: The tmpfs thing might be handy but i would just like to run the
OS in it's default stuff. If i need to edit things like that then
there is something wrong with Fedora.

> - Run selinux-policy-targeted (the default, so don't change it) and then learn a
> little bit about what denials mean, why they happen, and report those that you
> cannot figure out. Use setroubleshoot and sealert. I've got lots of denials in
> my audit database right now (actually 30+ of them are new today, for various
> stuff I've been testing)... but not one of them has stopped me from 'doing real
> work' on the system.
>
Again require me to do some work to get things fixed which should not
even be broken in the first place.

I simply don't get why such a idiotic system has to be in fedora...
Fedora is about user friendly distributions right? this one isn't user
friendly at all. Till now i've always disabled selinux as soon as the
first boot was completed.

Also a note about the selinux stats in the smolt database. When you
install fedora selinux is (sadly) enabled by default. And on the first
boot you get the smolt system specs sending stuff.. at that point
(atleast in F9 beta) there was NO option to turn off selinux so the
stats will therefore always indicate a higher selinux usage than is
actually the case. i turned it off right after those smolt things
where send but i'm in the smolt db now with selinux enabled!

O well.. enough selinux bashing for now ^_^

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 12:48 AM
Andrew Farris
 
Default Fedora (again) forces me to disable SELinux

Mark wrote:

2008/4/1, Andrew Farris <lordmorgul@gmail.com>:

Mark wrote:
> Hey,
>
> I just installed the Fedora 9 Beta release and am doing a full system
> update as we speak.
> While downloading the updates nothing is wrong.. it just downloads and
> that's it. But when installing the updates i get a ton of selinux
> notices!! and this is just a default Fedora 9 beta followed by a yum
> -y update.


A few suggestions... first, this is beta software, so naturally the fresh beta
install is going to have some issues. Why wouldn't you expect that it is
possible selinux wouldn't play quietly in its corner right after you install...
yet you probably wouldn't think twice about a few little issues with gdm or
nautilus?


I wouldn't find it strange to see bugs in nautilus/gdm/any other than
selinux strange. Selinux is just: Annoying, frustrating, irritating
and asking to be disabled. My selinux history tells me that this isn't
a bug.. it's just selinux.


An assumption that is dangerous. I understand prior bad selinux issues can
leave you feeling that way, but consider how similar it is to just 'click ok for
everything' in Windows? Yes.. prior experience would tell you its something you
have to do for it to work, but its also exploited by malicious code. Assuming
every selinux audit is a bug or just selinux being annoying is a terrible mindset.



Now suggestions.
- To keep selinux running nicely on your desktop you need to relabel or
restorecon your files frequently, especially after any updates are done. If you
update selinux-policy or your kernel, immediately do 'touch /.autorelabel' and
then reboot... when you don't you're tempting selinux to annoy you with denials
(expected behavior).
- Use tmpfs for /tmp. This one suggestion from Dan Walsh has been very helpful
for my systems. Just add the following line to your /etc/fstab:
tmpfs /tmp tmpfs defaults 0 0

then do:
rm -Rf /tmp/*; reboot

Then remember that files in tmp are supposed to be temporary and don't save
large downloads, misc files, etc, in tmp... they will disappear at reboot, and
tmp is only 512Mb with tmpfs defaults.



First: it requires a reboot which should not be the case for ANY linux
based program unless it has a good reason. Windows == reboots afer
every update. Don't follow that path on linux!


Actually, any kernel update requires a reboot unless you're pulling monkey
tricks (yes, it can 'kinda' be done without rebooting, but not with Fedora
kernel updates). Any time you update selinux policy you can get away without
rebooting, just restoring contexts instead, but its much simpler... and less
error prone, to do it while nothing is being used (i.e. before you really get
the system booted). Its not necessary, its 'best practice' for effectively
testing and using selinux in its development state. So don't reboot if you
don't feel like it; I will.



Second: it requires me to INVESTIGATE the issues, find solutions and
fix it. Sorry to tell but that's not my job nor am i willing to do it
and it requires a lot of time to fix issues that should not even
exist.


So, you'd rather just have a less secure system you can ignore? Ok.


Third: The tmpfs thing might be handy but i would just like to run the
OS in it's default stuff. If i need to edit things like that then
there is something wrong with Fedora.


I agree; Fedora should ship with tmpfs configured, but its not my call. I'm
just trying to help you.



- Run selinux-policy-targeted (the default, so don't change it) and then learn a
little bit about what denials mean, why they happen, and report those that you
cannot figure out. Use setroubleshoot and sealert. I've got lots of denials in
my audit database right now (actually 30+ of them are new today, for various
stuff I've been testing)... but not one of them has stopped me from 'doing real
work' on the system.


Again require me to do some work to get things fixed which should not
even be broken in the first place.


Beta.


I simply don't get why such a idiotic system has to be in fedora...
Fedora is about user friendly distributions right? this one isn't user
friendly at all. Till now i've always disabled selinux as soon as the
first boot was completed.


Well, its clear you don't understand it, which is ok, but debating its purpose
or implementation is not a reasonable use of time. You may continue to disable
SELinux... I'll continue to do everything I can to help the developers improve
it because I value what it provides.



Also a note about the selinux stats in the smolt database. When you
install fedora selinux is (sadly) enabled by default. And on the first
boot you get the smolt system specs sending stuff.. at that point
(atleast in F9 beta) there was NO option to turn off selinux so the
stats will therefore always indicate a higher selinux usage than is
actually the case. i turned it off right after those smolt things
where send but i'm in the smolt db now with selinux enabled!


Every update smolt does will fix that, showing it turned off on the machine.
Don't be overly dramatic, noone really cares whether the smolt stats are
slightly padded or not: its nothing more than 'close to reasonably accurate',
and it won't determine whether SELinux continues to be developed or whether
Fedora backs it.


--
Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
revoked key 0xC99B1DF3 no longer used
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 01:13 AM
Mark
 
Default Fedora (again) forces me to disable SELinux

2008/4/1, Andrew Farris <lordmorgul@gmail.com>:
> Mark wrote:
> > 2008/4/1, Andrew Farris <lordmorgul@gmail.com>:
> >> Mark wrote:
> >> > Hey,
> >> >
> >> > I just installed the Fedora 9 Beta release and am doing a full system
> >> > update as we speak.
> >> > While downloading the updates nothing is wrong.. it just downloads and
> >> > that's it. But when installing the updates i get a ton of selinux
> >> > notices!! and this is just a default Fedora 9 beta followed by a yum
> >> > -y update.
> >>
> >>
> >> A few suggestions... first, this is beta software, so naturally the fresh beta
> >> install is going to have some issues. Why wouldn't you expect that it is
> >> possible selinux wouldn't play quietly in its corner right after you install...
> >> yet you probably wouldn't think twice about a few little issues with gdm or
> >> nautilus?
> >
> > I wouldn't find it strange to see bugs in nautilus/gdm/any other than
> > selinux strange. Selinux is just: Annoying, frustrating, irritating
> > and asking to be disabled. My selinux history tells me that this isn't
> > a bug.. it's just selinux.
>
>
> An assumption that is dangerous. I understand prior bad selinux issues can
> leave you feeling that way, but consider how similar it is to just 'click ok for
> everything' in Windows? Yes.. prior experience would tell you its something you
> have to do for it to work, but its also exploited by malicious code. Assuming
> every selinux audit is a bug or just selinux being annoying is a terrible mindset.
>
Selinux keeps proving me that it deserves to shut down. i can't help
it that it blames me for playing flash animation, using a gif
animation in a local web folder or oven just installing updates from
fedora itself..

>
> >> Now suggestions.
> >> - To keep selinux running nicely on your desktop you need to relabel or
> >> restorecon your files frequently, especially after any updates are done. If you
> >> update selinux-policy or your kernel, immediately do 'touch /.autorelabel' and
> >> then reboot... when you don't you're tempting selinux to annoy you with denials
> >> (expected behavior).
> >> - Use tmpfs for /tmp. This one suggestion from Dan Walsh has been very helpful
> >> for my systems. Just add the following line to your /etc/fstab:
> >> tmpfs /tmp tmpfs defaults 0 0
> >>
> >> then do:
> >> rm -Rf /tmp/*; reboot
> >>
> >> Then remember that files in tmp are supposed to be temporary and don't save
> >> large downloads, misc files, etc, in tmp... they will disappear at reboot, and
> >> tmp is only 512Mb with tmpfs defaults.
> >>
> >
> > First: it requires a reboot which should not be the case for ANY linux
> > based program unless it has a good reason. Windows == reboots afer
> > every update. Don't follow that path on linux!
>
>
> Actually, any kernel update requires a reboot unless you're pulling monkey
> tricks (yes, it can 'kinda' be done without rebooting, but not with Fedora
> kernel updates). Any time you update selinux policy you can get away without
> rebooting, just restoring contexts instead, but its much simpler... and less
> error prone, to do it while nothing is being used (i.e. before you really get
> the system booted). Its not necessary, its 'best practice' for effectively
> testing and using selinux in its development state. So don't reboot if you
> don't feel like it; I will.
>
Oke that's a extreme example. If the kernel gets updated than it
deserves a reboot but for all other things (software related) than
no.. it should not require a reboot

>
> > Second: it requires me to INVESTIGATE the issues, find solutions and
> > fix it. Sorry to tell but that's not my job nor am i willing to do it
> > and it requires a lot of time to fix issues that should not even
> > exist.
>
>
> So, you'd rather just have a less secure system you can ignore? Ok.

Well if it's with the annoying things that i've experienced with
selinux today and in the recent years than yes. Surely selinux can
spit out real warning that could potential be a real thread.. just
never seen one before and i've seen quite a few warnings.
>
>
> > Third: The tmpfs thing might be handy but i would just like to run the
> > OS in it's default stuff. If i need to edit things like that then
> > there is something wrong with Fedora.
>
>
> I agree; Fedora should ship with tmpfs configured, but its not my call. I'm
> just trying to help you.
>
And thanx for the help ^_^
>
> >> - Run selinux-policy-targeted (the default, so don't change it) and then learn a
> >> little bit about what denials mean, why they happen, and report those that you
> >> cannot figure out. Use setroubleshoot and sealert. I've got lots of denials in
> >> my audit database right now (actually 30+ of them are new today, for various
> >> stuff I've been testing)... but not one of them has stopped me from 'doing real
> >> work' on the system.
> >>
> > Again require me to do some work to get things fixed which should not
> > even be broken in the first place.
>
>
> Beta.

Not beta! This is selinux related and is like this for years so don't
tell me it's because of "beta". Otherwise try out Fedora 8 final fully
updated to see for yourself. It's (again) just selinux.
>
>
> > I simply don't get why such a idiotic system has to be in fedora...
> > Fedora is about user friendly distributions right? this one isn't user
> > friendly at all. Till now i've always disabled selinux as soon as the
> > first boot was completed.
>
>
> Well, its clear you don't understand it, which is ok, but debating its purpose
> or implementation is not a reasonable use of time. You may continue to disable
> SELinux... I'll continue to do everything I can to help the developers improve
> it because I value what it provides.

I'm interested in trying it out and having a secured linux machine but
not this way. Once it's illnesses are fixed (if that ever gets done)
and selinux only spits out warnings like every other firewall is doing
than i will probably use it by default as well. Just not now because
of the reasons i told a few times now.
>
>
> > Also a note about the selinux stats in the smolt database. When you
> > install fedora selinux is (sadly) enabled by default. And on the first
> > boot you get the smolt system specs sending stuff.. at that point
> > (atleast in F9 beta) there was NO option to turn off selinux so the
> > stats will therefore always indicate a higher selinux usage than is
> > actually the case. i turned it off right after those smolt things
> > where send but i'm in the smolt db now with selinux enabled!
>
>
> Every update smolt does will fix that, showing it turned off on the machine.
> Don't be overly dramatic, noone really cares whether the smolt stats are
> slightly padded or not: its nothing more than 'close to reasonably accurate',
> and it won't determine whether SELinux continues to be developed or whether
> Fedora backs it.
>
Not a big issue. just something worth noting incase anyone was gonna
point me to the numbers who are "using" selinux.
>
> --
> Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
> gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
> revoked key 0xC99B1DF3 no longer used
> No one now has, and no one will ever again get, the big picture. - Daniel Geer
> ---- ----
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 01:18 AM
Rahul Sundaram
 
Default Fedora (again) forces me to disable SELinux

Mark wrote:



I'm interested in trying it out and having a secured linux machine but
not this way. Once it's illnesses are fixed (if that ever gets done)
and selinux only spits out warnings like every other firewall is doing
than i will probably use it by default as well. Just not now because
of the reasons i told a few times now.


You keep repeating it but note that SELinux is not a firewall and
doesn't behave like one because it isn't one.


http://fedoraproject.org/wiki/SELinux

Rahul

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-01-2008, 01:33 AM
Mark
 
Default Fedora (again) forces me to disable SELinux

2008/4/1, Rahul Sundaram <sundaram@fedoraproject.org>:
> Mark wrote:
>
> >
> > I'm interested in trying it out and having a secured linux machine but
> > not this way. Once it's illnesses are fixed (if that ever gets done)
> > and selinux only spits out warnings like every other firewall is doing
> > than i will probably use it by default as well. Just not now because
> > of the reasons i told a few times now.
>
>
> You keep repeating it but note that SELinux is not a firewall and
> doesn't behave like one because it isn't one.
>
> http://fedoraproject.org/wiki/SELinux
>
> Rahul

Reading this: http://www.nsa.gov/selinux/info/faq.cfm#I1 (point 1., 2.
and 3.) reminds me a great deal of Vista's UAC which i also turn off
as soon as i encounter it. If i get the idea (correct me if i'm wrong)
than selinux is isolating a application just like you as a user are
isolated in yout user account. and if a attacker attacks a piece of
software it can only effect that part of the software.. o well if
that's the case than it's more than a firewall indeed but it's still
irritating. Also if i )as a user) run a application and a attacker
strikes that application than the attacker still can't do more than i
as a user can do so it doesn't seem to add that much advantage. But i
might be wrong..??

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 09:07 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ę2007 - 2008, www.linux-archive.org