On 11/29/10 8:10 PM, Christopher Chan wrote:
>> Yes, if you are concerned about security of certain files it is indeed a good idea to run software you don't trust elsewhere. And if the problem is not trusting software, why are you putting blind faith in the SELinux code?
> Oh certainly. That is why there is a separate SELinux user context for apache too. Blind faith in SELinux code? Hey, let's not run anything at all then. SELinux provides an extra layer of security to use against exploits that may go beyond what we can do with the usual POSIX provisions. I do not see why you have a problem with it.
Not so much a problem - I'm just saying that you should do the simple things that have always worked first, then add SELinux if you want.