On Tue, 2007-01-16 at 15:54 +1030, Tim wrote: > > I'd be inclined to try using something other than YUM, though. Having > read messages about yum removing one package resulting in the complete > removal of Gnome or KDE, etc... > > Of course, you don't have to use the provided kernels, likewise for > other packages. You could roll your own without any dependency on > SELinux. Though that rather obviates the purpose for using a distro. The only line of attack I see right now is an inadequate one, which basically involves taking out libselinux. Attempting to do so evokes the following: [root@localhost ~]# rpm -ev libselinux error: Failed dependencies: libselinux.so.1 is needed by (installed) device-mapper-1.02.02-3.2.i386 libselinux.so.1 is needed by (installed) findutils-4.2.27-4.i386 libselinux.so.1 is needed by (installed) coreutils-5.93-7.2.i386 libselinux.so.1 is needed by (installed) rpm-libs-4.4.2-15.2.i386 libselinux.so.1 is needed by (installed) rpm-4.4.2-15.2.i386 libselinux.so.1 is needed by (installed) net-tools-1.60-62.1.i386 libselinux.so.1 is needed by (installed) lvm2-2.02.01-1.2.1.i386 libselinux.so.1 is needed by (installed) logrotate-3.7.3-2.2.1.i386 libselinux.so.1 is needed by (installed) libuser-0.54.5-1.i386 libselinux.so.1 is needed by (installed) SysVinit-2.86-2.2.2.i386 libselinux.so.1 is needed by (installed) passwd-0.71-3.2.i386 libselinux.so.1 is needed by (installed) usermode-1.85-2.2.i386 libselinux.so.1 is needed by (installed) at-3.1.8-81.1.i386 libselinux.so.1 is needed by (installed) nscd-2.4-4.i386 libselinux.so.1 is needed by (installed) dmraid-1.0.0.rc9-FC5_5.2.i386 libselinux.so.1 is needed by (installed) MAKEDEV-3.21-3.i386 libselinux.so.1 is needed by (installed) udev-084-13.i386 libselinux.so.1 is needed by (installed) vim-minimal-6.4.007-4.i386 libselinux.so.1 is needed by (installed) rpm-build-4.4.2-15.2.i386 libselinux.so.1 is needed by (installed) parted-1.6.25-8.i386 libselinux.so.1 is needed by (installed) nss_db-2.2-35.i386 libselinux.so.1 is needed by (installed) vixie-cron-4.1-54.FC5.i386 libselinux.so.1 is needed by (installed) prelink-0.3.6-3.i386 libselinux.so.1 is needed by (installed) shadow-utils-4.0.14-6.FC5.i386 libselinux.so.1 is needed by (installed) libsemanage-1.6.2-2.fc5.i386 libselinux.so.1 is needed by (installed) psmisc-22.1.03072006cvs-1.1.i386 libselinux.so.1 is needed by (installed) libselinux-python-1.30-1.fc5.i386 libselinux.so.1 is needed by (installed) policycoreutils-1.30.1-3.fc5.i386 libselinux.so.1 is needed by (installed) util-linux-2.13-0.20.1.i386 libselinux.so.1 is needed by (installed) libsetrans-0.1.20-1.fc5.i386 libselinux.so.1 is needed by (installed) httpd-2.2.0-5.1.2.i386 libselinux.so.1 is needed by (installed) dbus-0.61-3.fc5.1.i386 libselinux.so.1 is needed by (installed) pam-0.99.5.0-5.fc5.i386 libselinux.so.1 is needed by (installed) usermode-gtk-1.85-2.2.i386 libselinux.so.1 is needed by (installed) vim-X11-7.0.042-0.fc5.i386 libselinux.so.1 is needed by (installed) vim-enhanced-7.0.042-0.fc5.i386 libselinux.so.1 is needed by (installed) openssh-server-4.3p2-4.11.fc5.i386 libselinux >= 1.25.6-1 is needed by (installed) coreutils-5.93-7.2.i386 libselinux >= 1.21.10-1 is needed by (installed) SysVinit-2.86-2.2.2.i386 libselinux >= 1.17.10-1 is needed by (installed) nscd-2.4-4.i386 libselinux >= 0:1.17.9-2 is needed by (installed) udev-084-13.i386 libselinux >= 1.25.2-1 is needed by (installed) vixie-cron-4.1-54.FC5.i386 libselinux >= 1.25.2-1 is needed by (installed) shadow-utils-4.0.14-6.FC5.i386 libselinux = 1.30-1.fc5 is needed by (installed) libselinux-python-1.30-1.fc5.i386 libselinux >= 1.15.2 is needed by (installed) dbus-0.61-3.fc5.1.i386 libselinux >= 1.17.14-1 is needed by (installed) hal-0.5.7-3.fc5.1.i386 libselinux >= 1.27.7 is needed by (installed) pam-0.99.5.0-5.fc5.i386 libselinux >= 1.27.7 is needed by (installed) openssh-4.3p2-4.11.fc5.i386 libselinux >= 1.19.1 is needed by (installed) system-config-securitylevel-1.6.16-3.i386 Which I think could be successfully done with a force and nodeps, as long as you have selinux=0 on the grub boot line; however even if you did so this still wouldn't address the presence of the selinux modules in the kernel. Selinux=0 may completely evacuate all selinux code from the boot process. Then, on the other hand, it may not. LX