Originally Posted by Poophead
In any case, I have a little trouble understanding what all this stuff DOES - if I have a file, and I chmod a-r it, SE Linux will not protect it any more than Linux normally does, will it?
I have a bit of a problem understanding the Security enhanced part of it - it is just more of Access Control, not actually more protection for each thing that it is protecting?
(that is, files, am I right? or does it include running processes as well? But those are already very very thoroughly walled off from one another...)
Read this - http://www.nsa.gov/selinux/
Yes, it is about processes, not file security. It's about boundaries and access rules, not read and write.
A hacker can write if they are in the area. But if they are only in a user area they can only write (delete) the one user's data. A virus can take down the web site, but not the webserver, and / or the DB and kernel.
Bad code can take down the dhcp client service, but not samba.
But if and only if SELinux is running and defined for that service.
Turning off SELinux to use Res-FS (as one guy said, so he can scan his disk after hard resets) is a catch-22 circle. Prevent hard resets in the first place, and EXT3attr has journalling and can be restarted after a hard reset (tech talk for system crash).
I've installed NVidia video drivers with no noise from SELinux.
I've installed older programs, wine, a windows program, no noise from SELinux,
because it was all running in the correct area.
Welcome to the 21st Century,
FC4 has even more SELinux inside.
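
As an added example that is not part of the original post: the reply's point that a service is only contained "if SELinux is running and defined for that service" can be checked from the process labels that `ps -eZ` prints. The sketch below parses a constructed sample of that output; the domain names, the set of "unconfined" types and the "-" shown for an unlabeled process are assumptions based on a Fedora-style targeted policy.

```python
# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS_Z = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:httpd_t        2101 ?        00:00:03 httpd
system_u:system_r:dhcpc_t        1834 ?        00:00:00 dhclient
system_u:system_r:smbd_t:s0      2250 ?        00:00:01 smbd
system_u:system_r:unconfined_t   2307 ?        00:00:00 mysqld
-                                2400 ?        00:00:00 cupsd
"""

# Assumption: types that mean "no service-specific policy applies".
UNCONFINED_TYPES = {"unconfined_t", "initrc_t"}


def parse_ps_z(text):
    """Return (command, selinux_type) per process; type is None if unlabeled."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "LABEL":
            continue  # header or malformed line
        label, command = fields[0], fields[4]
        parts = label.split(":")
        # A context is user:role:type[:level]; anything shorter is not a label.
        setype = parts[2] if len(parts) >= 3 else None
        rows.append((command, setype))
    return rows


def audit_services(text, services):
    """Classify each named service by the domain its processes run in."""
    seen = {}
    for command, setype in parse_ps_z(text):
        seen.setdefault(command, set()).add(setype)
    report = {}
    for svc in services:
        types = seen.get(svc)
        if not types:
            report[svc] = "not running"
        elif None in types:
            report[svc] = "no label"      # SELinux off or process unlabeled
        elif types & UNCONFINED_TYPES:
            report[svc] = "unconfined"    # running, but no boundary around it
        else:
            report[svc] = "confined:" + ",".join(sorted(types))
    return report


if __name__ == "__main__":
    names = ["httpd", "dhclient", "smbd", "mysqld", "cupsd", "named"]
    for svc, status in audit_services(SAMPLE_PS_Z, names).items():
        print(f"{svc:10} {status}")
```

On a live system, feed the function the real output of `ps -eZ`; any service reported as "unconfined" or "no label" gets only the ordinary file-permission protection the question describes.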