selinux eradicator?

Jim Cornette fc-cornette at insight.rr.com
Thu Jun 28 00:17:39 UTC 2007


Tom Horsley wrote:
>> The most actively updated selinux package is selinux-policy.  So you 
>> should be able to remove this without too many dependencies.
>>
>> policycoreutils does have lots of packages that require it so getting 
>> rid of it will be a problem.  libselinux is a core library which you 
>> can't remove.  libsemanage and libsepol are required by policycoreutils.
>>
>> So I would just remove selinux-policy-* and you should see far less updates.
> 
> That seemed to work. I also found I could remove the setroubleshoot
> stuff with no dependency issues. Any of the remaining packages seem
> to transitively drag in every other rpm on the system :-).
> 
> Thanks.
> 

Have you tried running setroubleshoot with SELinux enabled or in 
permissive? I recently enabled it on my sandboxed server and the program 
made it fairly easy to get the system functioning as it should function. 
I noticed some actions which I did not want allowed also in the process. 
Though the server is sandboxed, my XP computer is exposed to a large 
group of users and Internet access. If the XP computer ended up 
being "owned" the sandboxed server could be compromised.
SELinux is now active on most computers since it is easier to diagnose 
problems and report misbehaving programs in a security sense.

Jim



