[CentOS] Correct xen domains path
Daniel de Kok
danieldk at pobox.comMon Jun 18 16:45:26 UTC 2007
- Previous message: [CentOS] Correct xen domains path
- Next message: [CentOS] Correct xen domains path
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote: > I've not heard a good reason to keep SELinux enabled, to be honest. > For high sensitivity stuff, sure (much like using SEOS on Solaris for high > sensitivity machines - eg those where third parties might have access). > But as a general rule for all machines? Why? One of the major goals of SELinux is to restrict the impact of 0-day vulnerabilities. If there is an ugly exploit for some network-facing daemon, it is a good idea to restrict the potential damage as possible. Besides that, due to the restrictions that SELinux imposes, it can also catch a class of configuration errors that impact security. Sure, it does not solve all security problems. But IMO it is a step forward from running daemons with (nearly) the rights of a normal user. -- Daniel
- Previous message: [CentOS] Correct xen domains path
- Next message: [CentOS] Correct xen domains path
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list