Re: selinux eradicator?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike McCarty wrote:
Partially, my point is that any time one modifies any package, no
matter for what reason, there is the opportunity to introduce
defects. Therefore, all applications which are affected by SELinux,
potentially all of them, now have an opportunity for defects to be
introduced; a circumstance which would not occur if not for SELinux.

An earlier problem with at-spi took down a large range of programs because of a chain of programs linked to it. This has little to do with SELinux except to say that vulnerabilities which could have a domino effect could be halted from action if policy prevented abnormal operation from vulnerable programs.


Also, SELinux is itself a large chunk of code, with its own defects.

No doubt that it can become better as problems are spotted and addressed.


My bottom line: There is not overwhelming evidence that SELinux
provides a net wothwhile increase in security of non secure systems.
As long as this situation continues, then there is room for people
like Karl not to want it on his machine.

I'm not lobbying for anyone to remove it. I'm not trying to convince
anyone that it's a bad thing. I'm lobbying for people to have a CHOICE
whether to install it, without also having to exercise the choice to
use a different distro. I thinks that's only reasonable.

Why anyone would switch distros because of SELinux integration compared to the multimedia digital writes issues preventing out of the box multimedia support.

If they want it completely off of their systems maybe a new distro fork can be born from their desire to eradicate SELinux completely from their systems.

Jim


Mike


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux