How best get rid of SELinux?
Arthur Pemberton
pemboa at gmail.com
Mon Sep 24 21:55:13 UTC 2007
On 9/24/07, Mikkel L. Ellertson <mikkel at infinity-ltd.com> wrote:
> Alan M. Evans wrote:
> > On Mon, 2007-09-24 at 15:58 -0500, Mike McCarty wrote:
> >
> >> Because SELinux is not a "thing", it is a way of writing apps.
> >
> > No, no no! How many times does this have to be explained?
> >
> > Applications don't need to know anything about SELinux in order to be
> > under its purview. Only applications that need to interact with SELinux
> > in some way need to know about it. I can easily write a program that
> > tries to open a forbidden resource and SELinux can most easily prevent
> > it despite that my application only #includes stdio.h and knows nothing
> > of the hidden hand that blocks it.
> >
> Well, in one way it is a way of writing apps - you have to write
> apps that are well behaved if they are going to run with SELinux.
> Then again, you should be writing apps that way anyway. You could
> say that SELinux forces you to write better code. ;-)
>
> Mikkel
change "with" to "under", since most people are running SELinux in targeted mode
--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
More information about the fedora-list
mailing list