Hacker News
by seanp2k2 3424 days ago
The main value in SELinux is to protect apps against things they should never be allowed to do (like your web app reading /etc/shadow or notepad listening for network connections) so that even if they get hit with a 0day, they're still not really vulnerable because the SEL stuff blocks all the bad things they could do. It really truly works in practice to prevent a bunch of bad stuff. In reality though, most people just disable it because it's a pain to learn and deal with.
1 comment

I know. But thanks for the answer. It is not what I meant, but it responds to what I wrote.

A security solution that makes normal use impossible is not a solution. Security solutions never work if they make usability worse. SELinux goes further: it also makes functionality worse, to the point of being impossible. That is what I meant when I wrote that I don't see the point of it.

Something like that can be a good solution if you are manually hardening a specific process. As a general security solution it is completely unfit. I don't see the point of pushing it for that. Fedora should never have activated it.