wild and crazy selinux dependencies?
Marko Vojinovic
vvmarko at panet.co.yu
Thu Oct 9 12:02:52 UTC 2008
On Wednesday 08 October 2008 19:58, Daniel J Walsh wrote:
> Tom Horsley wrote:
> > I was just trying to remove as many selinux related packages as possible
> > (a fedora 9 system) to avoid having to download their updates when I have
> > selinux turned off anyway.
[snip]
> > Several of the rpms I tried to erase want to drag all kinds of ridiculous
> > stuff with them, and I'm just sort of curious why.
>
> All of these are executing restorecon in order to set file context in
> their post install correctly.
And I would guess more and more of such apps will do so in future. Try to
remove the chmod and chown commands --- how many packages depend on them? :-)
I would suggest getting used to having selinux around. In the near future,
trying to remove it will be equivalent to trying to remove the old file
permissions system. Is it even possible to have a working Linux system with
everything related to permissions pulled out (sanity aside)? I doubt. And I
also guess that in the times to come selinux is going to be fixed in
enforcing mode, without the ability to shut it down. And this is a Good
Thing. In general, you want a system with active selinux as much as a system
with file permissions. Security.
Best, :-)
Marko
More information about the fedora-list
mailing list