Tim wrote:
> Taking the opposite line of attack, it is possible to completely
> remove it from a Linux installation, isn't it?
Aside from disabling it by passing selinux=0 on the kernel command
line (which I'm sure you know about), you could also uncheck the "NSA
SELinux Support" in the kernel config and build a kernel with no
selinux support.
There are many applications that are compiled with support for selinux
that depend on libselinux. If you wanted to get rid of that I think
you'd need to recompile those applications or build a dummy libselinux
package that provided some sort of stub library.
I've not tried any of these things. If I really didn't want my OS to
have any parts of selinux in it, I'd probably choose a different
distro. As I understand it, Novell/Suse is pushing AppArmor instead
of SELinux. I don't know what other distros use or don't use selinux,
but I'm sure google could find out (or distrowatch.org).
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
What it means to take rights seriously is that one will honor them
even when there is a significant social cost in doing so.
-- Ronald Dworkin
Attachment:
pgpWJynXxczED.pgp
Description: PGP signature
