| 1 |
> I was wondering if there was any harm in disabling the NSA SELinux support |
| 2 |
> in my gentoo-sources based kernel. |
| 3 |
|
| 4 |
There is no harm, but if you were interested a lot of packages come |
| 5 |
with policies by default. Currently there is no support for SELinux in |
| 6 |
Gentoo for the vast majority of desktop applications. It is a little |
| 7 |
bit of work to get anything nonfunctional working. There are |
| 8 |
additional modes where you can simply run your user as unconfined and |
| 9 |
any services will be restricted by SELinux. grsecurity's RBAC is an |
| 10 |
alternative where you simply let it generate a policy based on what it |
| 11 |
sees you use. |
| 12 |
|
| 13 |
Notably, Fedora and CentOS enable SELinux by default. |
| 14 |
|
| 15 |
> SELinux is the only one I've had a bit of experience with - I run CentOS |
| 16 |
> (SELinux is enabled by default) for some personal-use-only services that |
| 17 |
> I want to run without dealing with Gentoo. My first step in a CentOS |
| 18 |
> install is to disable SELinux (and the firewall, hehe) to avoid dealing |
| 19 |
> with the pain of wading through documentation for hours on end. |
| 20 |
|
| 21 |
http://stopdisablingselinux.com/ - your distribution probably comes |
| 22 |
with policies for everything you want to install, anyway... |
Archives