Re: How NSA access was built into Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
> Taking the opposite line of attack, it is possible to completely
> remove it from a Linux installation, isn't it?

Aside from disabling it by passing selinux=0 on the kernel command
line (which I'm sure you know about), you could also uncheck the "NSA
SELinux Support" in the kernel config and build a kernel with no
selinux support.

There are many applications that are compiled with support for selinux
that depend on libselinux.  If you wanted to get rid of that I think
you'd need to recompile those applications or build a dummy libselinux
package that provided some sort of stub library.

I've not tried any of these things.  If I really didn't want my OS to
have any parts of selinux in it, I'd probably choose a different
distro.  As I understand it, Novell/Suse is pushing AppArmor instead
of SELinux.  I don't know what other distros use or don't use selinux,
but I'm sure google could find out (or distrowatch.org).

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
What it means to take rights seriously is that one will honor them
even when there is a significant social cost in doing so.
    -- Ronald Dworkin

Attachment: pgpWJynXxczED.pgp
Description: PGP signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux