• Selinux, crap or good to have
    4 replies, posted
Welp I am re-engineering the lifeblood of my company and wondering if SElinux actually does anything useful, so far it has been just a giant pain in my ass. So far I have it pretty secure but it just feels like a UAC control... If it help you make a decision. Userdb 25K users, ~400 logged in at any time. Assest include SSN, birthcerts, Credit for company/clients, business docs, ect ect
As long as you know what you're doing that sounds like a perfect application for SElinux. I don't mean to sound snobby with that comment, because I don't even use it any more. Restricting Writes on sensitive information like that seems like it'd be important and Reads on the info like SSN's.
looks like a bunch of BS I am disabling it
It's pretty annoying in Fedora, pops up every time even on a vanilla install (didn't install anything yet).
SELinux is meant to limit the amount of damage that can be done if something on your machine is compromised, by restricting programs to using only the resources (files, system calls, etc.) they need to do their job. For example, if a program has no business accessing files outside a certain directory during normal operation, SELinux policy can block it from ever accessing files outside that directory, even if an attacker gains complete control of the program and even if it's running as root.
Sorry, you need to Log In to post a reply to this thread.