Tim wrote:
> Still just playing the devil's advocate... I had also thought of
> giving it a dummy, for things that insist on it. I'd hazard a guess
> that the many things built to accommodate SELinux don't actually
> require it, to do their job (they did their job before SELinux was
> added to the pot). They're rebuilt to use the filing system in a
> way compatible with SELinux (saving with the right contexts, etc.).

I think you're right on with that. I'd have to check, but I believe that mock includes some sort of dummy libselinux to enable building packages in chrooted setups. If I'm recalling that correctly, then that could probably be taken and packaged into an rpm by someone that didn't want to have any selinux bits on their system.

There are, of course, many more reasonable things to be worried about though. The paranoid folks here ought to consider whether they should be running mplayer or xine or any of the many desktop apps that haven't been audited for security. Any TLA's or other nefarious groups would surely have a far easier time finding holes to exploit in existing software than they would in working a backdoor into a part of the kernel's code that is designed for security and attracts the attention of some very smart developers.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Good Government is an oxymoron.
    -- Legare