How best get rid of SELinux?
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Sep 24 21:50:14 UTC 2007
Alan M. Evans wrote:
> On Mon, 2007-09-24 at 15:58 -0500, Mike McCarty wrote:
>
>> Because SELinux is not a "thing", it is a way of writing apps.
>
> No, no no! How many times does this have to be explained?
>
> Applications don't need to know anything about SELinux in order to be
> under its purview. Only applications that need to interact with SELinux
> in some way need to know about it. I can easily write a program that
> tries to open a forbidden resource and SELinux can most easily prevent
> it despite that my application only #includes stdio.h and knows nothing
> of the hidden hand that blocks it.
>
Well, in one way it is a way of writing apps - you have to write
apps that are well behaved if they are going to run with SELinux.
Then again, you should be writing apps that way anyway. You could
say that SELinux forces you to write better code. ;-)
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070924/c3cd0f95/attachment-0001.sig>
More information about the fedora-list
mailing list