selinux eradicator?

Mike McCarty Mike.McCarty at
Fri Jun 29 00:25:03 UTC 2007

Rahul Sundaram wrote:
> Mike McCarty wrote:
>  If he runs behind a
>> hardware firewall, and has all ports closed or "stealthed", then
>> he's as secure as one can be and still have connections.
> SELinux is not related to any traditional firewalls at all just in case 
> someone is confused about that still.

Agreed on this point. I hope what I wrote wouldn't cause anyone
to think otherwise.


>> Until such time, efficacy in loading or not loading SELinux
>> to achieve enhanced security is a matter of conjecture, opinion,
>> and personal preference.
> It is very much not conjecture. Use any good search engine and do your 
> own research rather speculate. One point that should be noted is that 

You mean like these security vulnerabilities introduced by SELinux:

It appears that SELinux can be disabled via a kernel exploit in FC6:

For another "supporter" whose comments can actually be read as
a criticism, see

Here's an example of a defect added to the kernel as a result of
attempting to accomodate SELinux

> unlike the original analogy SELinux is a additional security layer and 
> turning it off doesnt not equate to turning off all security measures 

Also agreed that it is an additional security measure, though I wouldn't
use the term "layer".

> and of course the management of SELinux needs and will improve with the 
> continuous development of better user space tools but what the 
> underlying architecture is based on decades of research and work. NSA 
> SELinux site has various docs on this.

Spoken by a True Convert.

Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

More information about the fedora-list mailing list