Tim wrote: > Still just playing the devil's advocate... I had also thought of > giving it a dummy, for things that insist on it. I'd hazard a guess > that the many things built to accomodate SELinux don't actually > require it, to do their job (they did their job before SELinux was > added to the pot). They're rebuilt to use the filing system in a > way compatible with SELinux (saving with the right contexts, etc.). I think you're right on with that. I'd have to check, but I believe that mock includes some sort of dummy libselinux to enable building packages in chrooted setups. If I'm recalling that correctly, then that could probably be taken and packaged into an rpm by someone that didn't want to have any selinux bits on their system. There are, of course many more reasonable things to be worried about though. The paranoid folks here ought to consider whether they should be running mplayer or xine or any of the many desktop apps that haven't been audited for security. Any TLA's or other nefarious groups would surely have a far easier time finding holes to exploit in existing software than they would in working a backdoor into a part of the kernel's code that is designed for security and attracts the attention of some very smart developers. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Good Government is an oxymoron. -- Legare
Attachment:
pgpAIKrdJTEfe.pgp
Description: PGP signature