Tim wrote: > Taking the opposite line of attack, it is possible to completely > remove it from a Linux installation, isn't it? Aside from disabling it by passing selinux=0 on the kernel command line (which I'm sure you know about), you could also uncheck the "NSA SELinux Support" in the kernel config and build a kernel with no selinux support. There are many applications that are compiled with support for selinux that depend on libselinux. If you wanted to get rid of that I think you'd need to recompile those applications or build a dummy libselinux package that provided some sort of stub library. I've not tried any of these things. If I really didn't want my OS to have any parts of selinux in it, I'd probably choose a different distro. As I understand it, Novell/Suse is pushing AppArmor instead of SELinux. I don't know what other distros use or don't use selinux, but I'm sure google could find out (or distrowatch.org). -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== What it means to take rights seriously is that one will honor them even when there is a significant social cost in doing so. -- Ronald Dworkin
Attachment:
pgpWJynXxczED.pgp
Description: PGP signature