SELinux removed from desktop cd spin?

Valent Turkovic valent.turkovic at
Thu Jan 17 14:53:59 UTC 2008

Yaakov Nemoy wrote:
> On Jan 16, 2008 3:35 PM, Valent Turkovic <valent.turkovic at> wrote:
>> Dan you are taking this the wrong way. Of course SElinux is great, of
>> course it prevents from 0day exploits, no body is challenging that.
>> But what was the real threat to average desktop users? Has anybody
>> made use of this 0day exploit threat? is there a linux virus in the
>> wild that spread like wildfire that took down all desktops that didn't
>> use SELinux?
> If a single Linux desktop goes down because of a 0day event, then
> we've already failed at making a secure desktop.  By that point, it's
> too late.
> This is a failure, and we should do everything we can to make sure it
> *never* happens.
> -Yaakov

Scaring people away from fedora desktop with too "paranoid" utilities is 
a good way to ensure that there are not too much users on it even if 
linux judgment 0day comes one day.

Are you actually hoping to really protect from real threats? Not even 
SElinux can protect from rootkits.

Are you actually saying that SELinux is security silver bullet?
If you know anything about security you know that there is no silver 
bullet in security is it always a trade off in usability vs. security.

No desktop spins for fedora I see no actual benefit and huge cost in 
user experience, usabillity and cost of valuable CD space.

A quick googleing showed that security experts see SELinux like a 
backdor and as a problem just waiting to happed, and they suggest 

"As a final note, I follow the logic of the grsecurity team, who claim 
that LSM and SELinux are backdoors waiting to happen."

See the link:


More information about the fedora-devel-list mailing list