|Main Archive Page > Month Archives > fedora-users archives|
On Sat, Feb 12, 2011 at 11:25:39 -0500,
Darr <firstname.lastname@example.org> wrote:
> On Saturday, February 12, 2011 @12:46 zulu, Tim
> <email@example.com> scribed:
> > Well, it /could/ stop either threat, however we don't run SELinux
> > as tightly as it could be run.
> I'm not sure who "we" is, but I run it in restricted mode and rarely even
> get told something has mislabeled files... and when I do get such a message,
> an autorelabel and reboot nearly-always fixes it (I don't mind rebooting
> once a month or so... else I would SU - and change their context manually).
> I don't remember the last time I got an actual denial. More than a year ago,
> for sure.
I think you may have misunderstood the complaint. I believe he was suggesting
that the rules being enforced by selinux are not tight enough to stop some
of the issues when people are tricked into running trojans.
Most of selinux enforcement is targeted at services and a few user tools
that commonly process untrusted data (in particular firefox). There is
also a generic sandbox setup, but people have to actively use it (or configure
their tools to use it).
-- users mailing list firstname.lastname@example.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines