[wplug] Who benefits from SELinux?

Brian Makin merimus at gmail.com
Tue Apr 10 17:57:46 EDT 2012


Break out your rainbow books (particularly Trusted Computer System
Evaluation Criteria) and you'll see what sel is for.  It is completely
overkill for a home machine.
On Apr 10, 2012 5:28 PM, "Greg Akins" <angrygreg at gmail.com> wrote:

> On Tue, Apr 10, 2012 at 5:10 PM, Pat Barron <pat at lectroid.com> wrote:
> > To *vastly* oversimplify (because it's sufficiently complicated that I
> > don't totally understand it myself...):  It lets you create rules that
> > define what programs are allowed to perform what operations - things of
> > the form, "this program (or things tagged with this tag, or users with
> > this role, etc...) can write to files in this directory", or "this
> > program can bind sockets to these ports".  So it lets you define your
> > security with much finer granularity than just "root" or "not root" -
>
> I've tried to think of it like.. if SELinux thinks I should do it this
> way, then I better.. after all I'm not that smart.
>
> So I don't disable it anymore, I try to figure out how to work in its
> constraints and assume that one day it will protect me against an
> exploit that I otherwise might have missed.
>
> Am I being naive?
>
> --
> Greg Akins
> http://twitter.com/akinsgre