How NSA access was built into Windows
Craig White
craig at tobyhouse.com
Mon Jan 22 21:36:45 UTC 2007
On Mon, 2007-01-22 at 15:32 -0500, Gene Heskett wrote:
> On Monday 22 January 2007 13:06, Stephen Smalley wrote:
>
> [...]
>
> >Sounds more like ccache sped up your build than anything selinux
> >related.
>
> Except that ccache has been in use since back about a week after I
> installed FC6 from scratch, installed then as a solution to the long
> build times of the kino cvs. It was in use on FC2 before that, for about
> a year. (But that copy or /root/.ccache is on another separate drive.)
> So it was active for the 2nd and 3rd builds too, in addition to building
> all the 2.6.19-rcN tree as it became available. And all of those builds
> were 30 minutes or more. With ccache running...
>
> I guess it boils down to you can believe what you want, and I can do the
> same. When I get a 3x increase in *effective* compiler speed by dropping
> selinux, then I think the conclusions I reach as a lifetime
> troubleshooter & medium grade JOAT should be obvious. I'm sorry it
> doesn't appear that way to others.
----
one problem I have with this is that you say that you've been using
ccache for a year on FC-2 when in fact, last November 30th, you didn't
know what ccache was and Dave Jones had to tell you what it was and how
to install it.
https://www.redhat.com/archives/fedora-list/2006-November/msg06826.html
This of course is notwithstanding the problems you had making it work
because you insist on building stuff as root and that isn't secure or
recommended...
https://www.redhat.com/archives/fedora-list/2006-November/msg06858.html
----
>
> Selinux is also on my FC5 lappy, but it didn't seem to 'get in my face'
> near as badly as this FC6 version has done. Here, when its set for
> permissive, and it generates 100k a day in the logs for my normal
> activities, reading and replying to email, looking at manpages, working
> on bash scripts, playing a few rounds of patience or editing a wedding
> video in kino and harrassing the folks on ./ as well as these lists, it
> just strikes me that something IS drasticly wrong, and I'm trying to fix
> it. I didn't build an XP2800 box with a gig of ram on a 333mhz fsb 3
> years ago to have it run like a dosbox using floppies. I'll build
> another, a 64 bitter with maybe 4GB of ram next time, when linux has 64
> bit supported as well as 32 bit is now. In the meantime I don't intend
> to support bloat if I can do away with it.
>
> As someone said in a private email, this is MY checkbook, this is MY house
> (its paid for too), this is MY truck (and I wrote a check for it) and
> this is MY computer. And that seems like a right attitude to me.
----
SELinux sort of separates the sysadmins from the users. Users don't want
anything to get in their way (i.e., make/build, run GUI as root).
Sysadmins don't want anything to compromise their system.
Craig
More information about the fedora-list
mailing list