Re: How NSA access was built into Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2007-01-16 at 00:30 -0500, Todd Zullinger wrote:
> Tim wrote:
> > Taking the opposite line of attack, it is possible to completely
> > remove it from a Linux installation, isn't it?
> 
> Aside from disabling it by passing selinux=0 on the kernel command
> line (which I'm sure you know about), you could also uncheck the "NSA
> SELinux Support" in the kernel config and build a kernel with no
> selinux support.
> 
> There are many applications that are compiled with support for selinux
> that depend on libselinux.  If you wanted to get rid of that I think
> you'd need to recompile those applications or build a dummy libselinux
> package that provided some sort of stub library.
> 
> I've not tried any of these things.  If I really didn't want my OS to
> have any parts of selinux in it, I'd probably choose a different
> distro.  As I understand it, Novell/Suse is pushing AppArmor instead
> of SELinux.  I don't know what other distros use or don't use selinux,
> but I'm sure google could find out (or distrowatch.org).



You are absolutely right about the applications being compiled for
libselinux.  I tested this the hard way by ripping it out with rpm -ev
--nodeps.  Basically it hosed the system; the box would not even boot
anymore.  Kernel panic reared it's head early on in the boot process.

Root pivots are useless in this case, because the core system is
nonfunctional.  Chroot with the rescue cd if you like (btw there's a bug
in the FC5 edition of that) but no dice.

I got everything back, but I had to do an FC5 to FC5 "upgrade" with the
Unity respin dvd.  It was still a mess after that, I had to do spot
checks and replace what had been hosed by the upgrade "fix".

The whole thing also left me wishing that I had backed up my grub.conf.

The silver lining to all this is that I went ahead and upgraded to the
2257 kernel.  yay?


LX
-- 
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Off Topic or Political Discussions:
http://mandrakeot.mdw1982.com/
http://www.mdw1982.com/mailman/listinfo/mandrakeot

"Character is what you do when nobody's looking." - J.C. Watts
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux