How best get rid of SELinux?

Mike McCarty Mike.McCarty at sbcglobal.net
Fri Sep 21 21:28:55 UTC 2007


Arthur Pemberton wrote:
> On 9/21/07, Mike McCarty <Mike.McCarty at sbcglobal.net> wrote:
> 
>>Arthur Pemberton wrote:
>>
>>>On 9/21/07, Mike McCarty <Mike.McCarty at sbcglobal.net> wrote:
>>>
>>>
>>>>Arthur Pemberton wrote:
>>>>
>>>>
>>>>>That comment doesn't seem to have been written with the intention of
>>>>>attracting constructive responses. I fear sysadmins who are always
>>>>>quick to say that they don't have time.
>>>>
>>>>I fear people who believe that they know better than me what
>>>>software to install and run on my own machine.
>>>
>>>
>>>Feel free to point those people out.
>>>
>>
>>Arthur Pemberton, for one.
> 
> 
> I have not argued that _you_ should run SELinux. I'm just arguing that
> SELinux is the waste of time that people make it seem.
> 
> If I did in fact attempt to tell you what software should run on your
> own machine, my apologies. However, removing SELinux wholesale takes

Accepted.

> away my opportunity to use it, keeping it allows you to use it, or
> disable it.

Umm, I haven't lobbied for that. What I have lobbied for is the
ability to install or not. I haven't lobbied for removing it.
If you want to run SELinux, fine for you. I don't. I don't want
it on my machine. So far, RH has provided tools which only know
how to install a version of Linux which has SELinux in it. I'd
like the option NOT to install it, and have it not be on my
machine.

When I installed, there were a LOT of packages I chose not to
install. Like PERL DEVEL, for example. I don't have little bits
and pieces of PERL DEVEL running at odd moments and doing little
things, waking up and realizing they have nothing to do, then
going back to sleep every so often. How would you feel if the
PERL DEVEL package (or pick any other package you didn't want,
say Open Office) ALWAYS installed, running every so often, checking
if you wanted them to do something, deciding that you didn't
and then going back to sleep?

What if GCC were a non-optional part of the distro, and that
it woke up several times a second, checked for files to
compile in the "to be compiled spool queue", and then
would go back to sleep? Each time a file got saved from an
editor, it would wake up and check for a .C or .H extension,
check its enforcement rules, and if it thought it needed
to, would automatically kick off a compile. And you couldn't
remove it?

Wouldn't you have a natural reaction of WTH IS THAT CRAP DOING
ON MY MACHINE? I didn't want to install it!

Would you be mollified by "Well, all you have to do is
set a flag, and then every time GCC woke up, it would
know that you didn't want to compile, and it would go
back to sleep, but it would be even better if you developed
a good set of rules so it could automatically compile
for you when you need it."? And if you argued "I don't
EVER want to compile like that" the answer is "But you
SHOULD, and we're not all going to do things your way!
And if we remove that, then those of us who want it
won't have it!"

What if ALL the development packages worked that way?
PERL, TCL, GCC, G++, FORTRAN, PASCAL, all those compilers
get a shot at files when they get saved, and based
on rules they would take action. If you don't want
that, well just set the "disable" flag for each of them.
Open Office. You name it. Make all of them get a shot
at each file and see what they need to do.

Ridiculous?

Well, that's my reaction to SELinux. I don't want it, and
see no reason for me to put up with it if I don't care to,
even in a "disabled" state.

Frankly, I don't understand why ANYONE would not prefer
things the way I see them. I don't understand the idea
of installing lots of code, which wakes up and realizes
it has nothing to do over and over, by noting a "disabled"
flag. Translate what we're being asked to accept with
SELinux to other packages, and it seems ludicrous.[*]

ISTM that a preferable way to handle it is to change the
implementation such that one simply does not install
what one does not want. The fact that a "disable" state
exists proves that some, at least, of the supporters
and developers of SELinux recognize that not everyone
will want it. Why force those who don't want it to install
it, run it, but make it do nothing?

[*] Well, it does to me, anyway. If the scenarios I described
above seem natural to you, then we don't have much in common.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
