[CentOS] SELinux

Wed Apr 5 09:25:37 UTC 2006
Daniel de Kok <danieldk at pobox.com>

On Tue, 2006-04-04 at 23:15 -0500, Chris Weisiger wrote:
> Who would / Who wouldnt need to run SELinux?

On servers it is useful as an extra line of defense. I have it enabled
on my workstation-ish machines, because it hasn't got too much in the
way. Of course, YMMV.

> I have linux server at home. Would I need to run SELinux?

I guess that it is up to your own judgement. If the server is only used
internally and is not connected to the net, tuning SELinux for your
goals may not be worth the hassle. If the server provides services to
the outside world, it is seriously worth considering to use SELinux.
E.g. a fairly standard webserver usually requires only little
modification to the default policies. The upstream vendor's "SELinux
Guide" helped me a lot with making smaller modifications:


> What is the average home user doing?

Most home users that I have seen disable SELinux. Of course, there is a
difference between "is" and "ought".

-- Daniel