> I was wondering if there was any harm in disabling the NSA SELinux support
> in my gentoo-sources based kernel.

There is no harm, but if you were interested a lot of packages come
with policies by default. Currently there is no support for SELinux in
Gentoo for the vast majority of desktop applications. It is a little
bit of work to get anything nonfunctional working. There are
additional modes where you can simply run your user as unconfined and
any services will be restricted by SELinux. grsecurity's RBAC is an
alternative where you simply let it generate a policy based on what it
sees you use.

Notably, Fedora and CentOS enable SELinux by default.

> SELinux is the only one I've had a bit of experience with - I run CentOS
> (SELinux is enabled by default) for some personal-use-only services that
> I want to run without dealing with Gentoo. My first step in a CentOS
> install is to disable SELinux (and the firewall, hehe) to avoid dealing
> with the pain of wading through documentation for hours on end.

http://stopdisablingselinux.com/ - your distribution probably comes
with policies for everything you want to install, anyway...