[wplug] Who benefits from SELinux?
Greg Akins
angrygreg at gmail.com
Tue Apr 10 17:28:28 EDT 2012
On Tue, Apr 10, 2012 at 5:10 PM, Pat Barron <pat at lectroid.com> wrote:
> To *vastly* oversimplify (because it's sufficiently complicated that I
> don't totally understand it myself...): It lets you create rules that
> define what programs are allowed to perform what operations - things of
> the form, "this program (or things tagged with this tag, or users with
> this role, etc...) can write to files in this directory", or "this
> program can bind sockets to these ports". So it lets you define your
> security with much finer granularity than just "root" or "not root" -
I've tried to think of it like.. if SELinux thinks I should do it this
way, then I better.. after all I'm not that smart.
So I don't disable it anymore, I try to figure out how to work in its
constraints and assume that one day it will protect me against an
exploit that I otherwise might have missed.
Am I being naive?
--
Greg Akins
http://twitter.com/akinsgre