[CentOS] Correct xen domains path
Daniel de Kok
danieldk at pobox.com
Mon Jun 18 16:45:26 UTC 2007
On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote:
> I've not heard a good reason to keep SELinux enabled, to be honest.
> For high sensitivity stuff, sure (much like using SEOS on Solaris for high
> sensitivity machines - eg those where third parties might have access).
> But as a general rule for all machines? Why?
One of the major goals of SELinux is to restrict the impact of 0-day
vulnerabilities. If there is an ugly exploit for some network-facing
daemon, it is a good idea to restrict the potential damage as possible.
Besides that, due to the restrictions that SELinux imposes, it can also
catch a class of configuration errors that impact security.
Sure, it does not solve all security problems. But IMO it is a step
forward from running daemons with (nearly) the rights of a normal user.
-- Daniel
More information about the CentOS
mailing list