[CentOS] Running SELinux necessary for the average user?
Daniel de Kok
danieldk at pobox.com
Thu May 3 07:22:41 UTC 2007
On Wed, 2007-05-02 at 22:27 -0700, Preston Crawford wrote:
> I'm wondering because it seems to be slowing my machine down considerably
> under CentOS 5. Especially the daemon they include to monitor SELinux and
> the program that attaches to it. I tried opening this earlier and it just
> sat there spinning.
>
> I want the knowledge that my machine is secure and safe. But I'm wondering
> if the price is worth it. Is it necessary for my machine to be fairly
> secure?
It's an extra layer of security. You can perfectly run a secure machine
without SELinux. Though it can help in the situation where some critical
package is vurnerable, or even in some cases misconfiguration.
Though, I'd look what is making this slow, rather than disabling it with
a thought. If it is setroubleshootd and setroubleshoot that is slowing
down the machine, consider turning off setroubleshootd. SELinux runs
fine without, and in case a policy change is required, you can still use
audit2allow.
-- Daniel
More information about the CentOS
mailing list