On 6/9/05, I <stewartetcie@xxxxxxxxxx> wrote: Users of Fedora Core 4 want to know, how do we not, repeat not, install SELinux? Steve Grubb <linux_4ever@xxxxxxxxx> replied: >Why would you want to do that? Its better to fix >problems than avoid them. >SE Linux has to be installed. libselinux is linked to >many apps and the KERNEL is compiled with support for >SE Linux. You can disable it, but you have to install >it. Chris Bell <christofer.c.bell@xxxxxxxxx> replied: >Since you're already familiar how to disable SELinux, >the short answer to your question is, "you can't." Please allow me to reply to these responses. Steve, take a look at "sHype: Secure Hypervisor Approach to Trusted Virtualized Systems" an IBM research report published on February 2, 2005. On page 6, the authors say: "Mandatory access control has been designed and implemented for the Linux operating system (cf. SELinux [1]). However, controlling access of processes to kernel data structures has led to an extremely complex security policy. Therefore, SELinux does not enforce strong isolation properties equivalent to those offered when running applications on separate hardware platforms. Operating system security controls such as those offered by SELinux are more appropriate for enforcing mandatory access control among a set of closely cooperating applications, which naturally share a hardware platform. In a hypervisor system, there are few resources shared on the virtualization level. This results in simple security policies when compared to those for operating system controls." The point is that SELinux is: (1) so complex as to be unmanageable; (2) inappropriate for all cases, virtualization being a case in point. By the way, sHype is available as a patch for Xen, which is distributed with Fedora Core 4. On a more general note Steve, take a look at Ken Thompson's 1984 ACM Turing Award lecture, "Reflections on Trusting Trust" wherein the author of the UNIX operating system illustrates why you shouldn't trust sneaky folks like him. By extension, I'm a little suspicious of the NSA's motives in distributing a system for mandatory access control that is needlessly complex and, essentially, unmanageable at a time when snort and tripwire, for example, are widely available and a stateful firewall is built into the Linux kernel. Chris and Steve, you're abolutely correct. Fedora is the only widely used Linux distribution to incorporate SELinux in such a manner that it cannot be removed. If its so important, how come everybody else can get along without it? Perhaps we might consider an alternative Fedora Core 4 distro that is free of this one-stop security panacea? Yours truly, STEWART & CIE. Steve Stewart -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
