How best get rid of SELinux?

Fri Sep 21 20:33:06 UTC 2007

Alan M. Evans wrote:
> On Fri, 2007-09-21 at 13:10 -0500, Mike McCarty wrote:
> 
> 
>>The thing I want is for it not to be present on my machine.[*]
> 
> 
> And I want my system to have it, since I see the value in it and my log

Ok. Fine. I have no desire to control what gets loaded
onto your machine.

> files confirm it. Which one of us gets what we want? Or are you
> suggesting that Fedora ship two completely different spins with
> incompatible packages in each?

Umm, you are stating requirements in terms of design. I don't care
how RH manages it, so long as those who don't want SELinux on
their machines do not have to install and run pieces of it regardless.

If it can be managed by having a loadable module for the kernel,
and load libraries which have empty stubs, then that probably would
be adequate. I'm not an expert at Linux packaging, so I don't know
what would be a reasonable approach to providing a version of Linux
which could run with optionally installed SELinux, or without it
installed at all. I'm sure others here know how feasible that is.

If it isn't feasible, then I suggest that this is a good opportunity
for enhancing Linux so that such options ARE feasible.

>>If it is there, it is taking up space, eating cycles, and introducing
>>defects.
> 
> If this is your philosophy generally, then surely you must compile your
> kernel and base libs by hand with each new release, because there's a
> tone of stuff that ships in there that you don't need. It's all taking
> up space, eating cycles, and introducing defects. Why don't you then
> simply compile SELinux out of your system?

I have considered that, and I have a version of Linux From Scratch
on my machine, which I am actively investigating. I'd prefer not
to do my own spin, so I'm also investigating SLAX and other distros.
I can't go on with FC2 forever, I trow. If I can find a distro which
does not have stuff I really object to in it, then I'll use that.
Failing that, then I'll do exactly what you propose. But not for
"each release". No way. Much less often than that.

I had considered Gentoo for precisely that reason. It is source release.
But, they've contaminated it, I believe. However, it might be a good
jumping off point, since it is already set up to be easy to build.
If replacing the key sources with those from upstream is easy, then
it might be a good way to get started. Download the latest version,
replace the key sources with those from which they were derived,
and then build. Perhaps some simple scripts or programs could be
written to make the SELinux parts optionally compilable, and then
Gentoo could easily be shipped in two versions. Perhaps I should
contact the Gentoo dev. group.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!