Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stephen Smalley wrote:

Just to clarify (trying to avoid the flame fest here):  SELINUX=disabled
in /etc/selinux/config on any modern Fedora system should truly disable
SELinux in the kernel, by having /sbin/init write a "1" to

What you just wrote is not possible. At the very least, the code
which checks the state of the enable flag must be present
and active in memory.

[snip]

Permissive mode is different - SELinux stays active on the code paths
and while permission checks are always granted, there are other possible
failure paths.  However, if you (here you == any user) find that
something is broken in permissive mode, please file a bug report so that
it can be examined to see whether it can be resolved.

What you write here is just as applicable to "disabled" state
as it is to "permissive" state, just presumably less code
gets executed, unless SELinux itself gets exploited.

[snip]

The agenda is the already stated one, to bring flexible mandatory access
control to the mainstream in order to counter the threat posed by
malicious and flawed programs.  Nothing more, nothing less.

It would be nicer if the mandatory access control were an
optional feature for those who don't want it.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux