On 11/29/10 8:10 PM, Christopher Chan wrote:
>
>> Yes, if you are concerned about security of certain files it is indeed a
>> good idea to run software you don't trust elsewhere. And if the problem
>> is not trusting software, why are you putting blind faith in the SELinux
>> code?
>
> Oh certainly. That is why there is a separate SELinux user context for
> apache too.
> Blind faith in SELinux code? Hey, let's not run anything at all then.
> SELinux provides an extra layer of security to use against exploits that may
> go beyond what we can do with the usual posix provisions. I do not see why
> you have a problem with it.
Not so much a problem - I'm just saying that you should do the simple things
that have always worked first, then add SELinux if you want.
--
Les Mikesell
lesmikesell at gmail.com