[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?

on 9/21/2007 12:51 PM, Gene Heskett wrote:
> On Friday 21 September 2007, David Boles wrote:
>> on 9/21/2007 2:13 AM, Gene Heskett wrote:
>>> On Friday 21 September 2007, David Boles wrote:
>> This is getting OT for this list.
> I'm subscribed to the selinux list, have been for months.  The amount of 
> actual, usable info there would take an assayor a week to detect.  But I 
> maybe am about to test it by setting it to permissive on my lappy, letting it 
> relabel it and see if I have a network.
> Right now its updating itself.  Then I need to re-install ndiswrapper to match 
> the new kernel its putting in.

Hi Gene. Directed at me? You are still on FC-6 correct? It has been so
long since I used that release I am not sure what 'can of worms' you might
be opening. I honestly do understand your thoughts and feelings here.

SELinux, if I understand it correctly, is not really made to prevent *you*
from doing anything but to stop some piece of malicious or poorly written
software from trashing your system, files, 'stuff' by doing something that
is wrong. The Windows type keylogger that will someday show up in Linux.
Or SPAM relay 'bots. The cute little script that trashes fstab. Or
grub.conf. Things like these. All made up? Sure. But coming soon to a
Linux near you.   ;-)  Could be. It would be nice if the 'protection' was
here first instead of what Windows has. Which is pretty much nothing.

My son tells me that a system very similar to SELinux was being worked on
for Windows Vista and was dropped from the release when they needed to
release and they could not get it to work. I do *not* want that to happen
to Fedora. Or Linux in general.

I will tell you this. The GUI for SELinux in what will be Fedora 8 is nice
and very helpful and much progress has been made in general. That could
account for the little traffic that you mentioned seein on the selinux-list.

You want SELinux off? Go for it. Your choice. I want SELinux on. My choice.

Disabled SELinux does nothing. And the 'horrible waste of HD space' is
about, as near as I can tell something in the neighborhood of 140K. About
the size of this email maybe?  ;-)


Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]