[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



> > Its a bit like asking for a car to come with automatic or manual
> > transmission. It isn't a last minute extra you fit like a headrest its
> > intrinsic to the very build of the system.
> 
> I guess you missed my comment (easy to do in this thread) that
> HAD IT BEEN DONE RIGHT at the start, it would be much easier than
> trying to retrofit now.

It was done right from the beginning at least unless you mean Linus
should have adopted a non-Unix MAC type security model from 0.01 ?

Security models are not add-ons. They require the underlying design is
properly compartmentalised and divided. You cannot make a system with an
insecure design secure by adding things (just ask Microsoft).

> By your own count, there are something like 50 apps which
> are SELinux aware, along with some libraries, and the kernel.
> These would need different versions, one SELinux, one not

Why ? The few code paths executed in the selinux=0 boot case are not
interesting and do no harm.

Alan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]