Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alan Cox wrote:
that the disadvantages far outweigh the advantages. There are
exactly three users which can actually log on to my machine:

You hope...

:-)

It appears to me that RH is courting large corporate or government
users where political considerations and the ability to dodge
responsibility are important, rather than stand-alone small desktop
systems with single or just a very few actual users.

SELinux is useful in both cases. Large corporations may well use custom
rules to protect critical data or enforce policies (eg 'no you can't run
anything you download').

This is a subjective, not objective, assessment.

In the general case its there to protect all systems and users by doing

I'm aware of the intent.

[snip]

default level of security appropriate to external risk. Allowing users to
turn off security is generally better than assuming they will read the
manual and turn it on.

We agree there.

I think it would be better if they had the option simply not
to install.

Its a bit like asking for a car to come with automatic or manual
transmission. It isn't a last minute extra you fit like a headrest its
intrinsic to the very build of the system.

I guess you missed my comment (easy to do in this thread) that
HAD IT BEEN DONE RIGHT at the start, it would be much easier than
trying to retrofit now.

There are sound engineering reasons why "rpm -e selinux" isn't doable (or
believe me we'd have done it that way!)

Yes, that is not easily doable. But that's not the same as
"don't install on my otherwise blank disc".

By your own count, there are something like 50 apps which
are SELinux aware, along with some libraries, and the kernel.
These would need different versions, one SELinux, one not.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux