Is SELinux worth the headache?

[jet042]

Hey, I've just upgraded my FC5 install to F7 on my IBM T42. When I installed FC5, I was new to Linux and the friend that was helping me told me to disable SELinux and not worry about it. Now I've upgraded solo and during that, I turned on the service to find out that my NIC could no longer access dhcpd and grab an IP address.

Now, I've set SELinux to permissive and it's working okay, but am I missing out on anything by not really using it? If you think I should re-enable it, do you know of a good guide that would show me how to configure it?

 

[stefanwagner]

I don't know a guide, but what I know about SE-Linux, it is complicated stuff, and I wouldn't use it just for fun.

Of course security sensitiveness depends on multiple questions, so it isn't easy to give a rule of thumb.

- Do you use it as as server?
- How many and which people have access to the machine?
- How expensive is downtime?
- Is high data protection necessary?
- ...?

Most desktop systems wouldn't need it, I say.

don't visit my homepage:

http://home.arcor.de/hirnstrom/bewerbung

 

[geirendre]

Guess it all boils down to what level of security you want.
With SElinux enabled your system should be alot more secure
than without, you just have to learn to use the new tool
that SElinux is.

http://fedoraproject.org/wiki/Fedora7/FAQ

maby

 yum install policycoreutils-gui

and some tweaking gets your NIC up and running ;-)

http://www.crypt.gen.nz/selinux/faq.html

 

[zeland]

Here is a good explanation about SElinux.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--