[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows



Tim wrote:
> Taking the opposite line of attack, it is possible to completely
> remove it from a Linux installation, isn't it?

Aside from disabling it by passing selinux=0 on the kernel command
line (which I'm sure you know about), you could also uncheck the "NSA
SELinux Support" in the kernel config and build a kernel with no
selinux support.

There are many applications that are compiled with support for selinux
that depend on libselinux.  If you wanted to get rid of that I think
you'd need to recompile those applications or build a dummy libselinux
package that provided some sort of stub library.

I've not tried any of these things.  If I really didn't want my OS to
have any parts of selinux in it, I'd probably choose a different
distro.  As I understand it, Novell/Suse is pushing AppArmor instead
of SELinux.  I don't know what other distros use or don't use selinux,
but I'm sure google could find out (or distrowatch.org).

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
What it means to take rights seriously is that one will honor them
even when there is a significant social cost in doing so.
    -- Ronald Dworkin

Attachment: pgpR4vDQOYa3t.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]