[CentOS] Correct xen domains path

Daniel de Kok danieldk at pobox.com
Mon Jun 18 16:45:26 UTC 2007

On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote:
> I've not heard a good reason to keep SELinux enabled, to be honest.
> For high sensitivity stuff, sure (much like using SEOS on Solaris for high
> sensitivity machines - eg those where third parties might have access).
> But as a general rule for all machines?  Why?

One of the major goals of SELinux is to restrict the impact of 0-day
vulnerabilities. If there is an ugly exploit for some network-facing
daemon, it is a good idea to restrict the potential damage as possible.
Besides that, due to the restrictions that SELinux imposes, it can also
catch a class of configuration errors that impact security.

Sure, it does not solve all security problems. But IMO it is a step
forward from running daemons with (nearly) the rights of a normal user.

-- Daniel

More information about the CentOS mailing list