[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Selinux on a Squeeze Desktop



Hello Patrick.

Thanks for Your answers, the only doubts that I have now with selinux
are:

System update with "aptitude safe-upgrade" and "aptitude full-upgrade"
did You give any problems?

About backups, the only tool for backups is "star", seems that are not
inclosed in squeeze, there is more similar  tools that supports extended
attributes inclosed in squeeze?

If I want uninstall and delete selinux on squeeze, after delete
packages, is possible delete extended selinux attributes in files?

If I mount an ext3/ext4 usb hard disk, MUST I relabel this too for
extended attributes? Or can run without relabel too?

Thanks
Josep





El dom, 13-03-2011 a las 11:55 -0700, Patrick Bartek escribió:
> --- On Sun, 3/13/11, Josep M. Gasso <websurfer@navegants.com> wrote:
> 
> > I would like ask if someone have in his home a
> > Desktop/Server machine
> > what runs selinux, my Debian Squeeze machine is always on
> > and is a
> > mailserver too.
> 
> I run Fedora.  (And have since FC3.)  SELinux is installed by default.  It has problems.  Not many, but enough to be annoying and require "fixes.".  I keep it in "Permissive" mode on my home system, which means it logs security issues, but doesn't prevent them.  Uninstalling it is next to impossible, since everything on the system has SELinux as a dependency.    It (SELinux) is one of the reasons I'm switching to Debian.  At least with Debian, I have the OPTION not to install it.  I won't be.
> 
> > So, I would like if there is any desktop problems with
> > selinux, and if
> > speed is also affected.
> 
> The one problem that I've experienced with SELinux over several versions of Fedora is SELinux will prevent updating (upgrading in Debian-speak) a newly installed or upgraded (dist-upgrade in Debian) system.  However, if you disable or put SELinux in permissive, after the system update, it no longer has issues with additional updates.  It's a strange beast.
> 
> SELinux is fairly efficient.  I doubt that it would affect system performance all that much.  Although, I've never run any tests.  But to run it effectively, you need to be very knowlegeable in its use and configuration.  Installing and forgetting won't cut it.  Do the research.  Study the manuals.  Etc.
> 
> > Any advice will be appreciated, I plan install selinux in a
> > few days.
> 
> I consider SELinux a waste on a "home" system.  SELinux is like suspenders:  If you have a good belt, you don't need the suspenders.  However, in a commercial/business, workstation/server set up, and you're the security guy, I would run it.  Even with the problems: better safe than sorry.  Or fired. ;-)
> 
> Before doing the "real" install, I suggest you use a "test" system first.  Like I said above:  SELinux is pervasive and unistalling, if it doesn't suit you, might be a problem, or impossible.  A dual boot is best, but a VM would be good enough, but not perfect, for an evaluation.
> 
> FYI:  I'm not an SELinux "expert."  I took one look at the "official" administrative manual, and said "No, thanks."  What would you expect from something that was developed by a insanely paranoid government agency? ;-)
> 
> B
> 
> 



Reply to: