[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On Fri, 21 Sep 2007 15:52:51 -0400, David Boles wrote:

[....]
> SELinux, if I understand it correctly, is not really made to prevent
> *you* from doing anything but to stop some piece of malicious or poorly
> written software from trashing your system, files, 'stuff' by doing
> something that is wrong. The Windows type keylogger that will someday
> show up in Linux. Or SPAM relay 'bots. The cute little script that
> trashes fstab. Or grub.conf. Things like these. All made up? Sure. But
> coming soon to a Linux near you.   ;-)  Could be. It would be nice if
> the 'protection' was here first instead of what Windows has. Which is
> pretty much nothing.
[...] 
> I will tell you this. The GUI for SELinux in what will be Fedora 8 is
> nice and very helpful and much progress has been made in general. That
> could account for the little traffic that you mentioned seeing on the
> selinux-list.
> 
> You want SELinux off? Go for it. Your choice. I want SELinux on. My
> choice.
> 
> Disabled SELinux does nothing. And the 'horrible waste of HD space' is
> about, as near as I can tell something in the neighborhood of 140K.
> About the size of this email maybe?  ;-)

	This whole discussion has been very helpful; the comparison of 
space to one email is especially so. My thanks to all! 

	And I'll take a good look at the new GUI when I install F8, 
before I do any disabling. What is nice and helpful to those who know the 
most may or may not be so to those of us on the other end of the teeter-
totter; but I'll keep my hopes up.

	Here's a quote from some starlet I know nothing else of : "I try 
to be cynical, but I just can't keep up." Make that "paranoid" instead of 
"cynical" and you have the case of those like me who so abominate M$ and 
all its works (and, in some cases, ditto Apple) that we run without 
really knowing how to tell whether we've been compromised, nor what to do 
if we are.

	The best solution I know of is to run every defense you can and 
still be able to operate; hence my reluctance to eliminate SELinux any 
sooner. But defenses you can't run also interfere; and up till now I'm 
quite sure I can't begin to "run" SELinux in any way worth the name. It 
remained present, if not active, so long as it didn't get in the way; it 
was all those irritating popups, beyond my understanding, that led me to 
disabling. I hope they're either gone, or a lot more helpful ...

-- 
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]