On Tue, 2007-01-16 at 00:30 -0500, Todd Zullinger wrote:
> Tim wrote:
> > Taking the opposite line of attack, it is possible to completely
> > remove it from a Linux installation, isn't it?
>
> Aside from disabling it by passing selinux=0 on the kernel command
> line (which I'm sure you know about), you could also uncheck the "NSA
> SELinux Support" in the kernel config and build a kernel with no
> selinux support.
>
> There are many applications that are compiled with support for selinux
> that depend on libselinux. If you wanted to get rid of that I think
> you'd need to recompile those applications or build a dummy libselinux
> package that provided some sort of stub library.
>
> I've not tried any of these things. If I really didn't want my OS to
> have any parts of selinux in it, I'd probably choose a different
> distro. As I understand it, Novell/Suse is pushing AppArmor instead
> of SELinux. I don't know what other distros use or don't use selinux,
> but I'm sure google could find out (or distrowatch.org).

You are absolutely right about the applications being compiled for libselinux. I tested this the hard way by ripping it out with rpm -ev --nodeps. Basically it hosed the system; the box would not even boot anymore. Kernel panic reared its head early on in the boot process. Root pivots are useless in this case, because the core system is nonfunctional. Chroot with the rescue cd if you like (btw there's a bug in the FC5 edition of that) but no dice.

I got everything back, but I had to do an FC5 to FC5 "upgrade" with the Unity respin dvd. It was still a mess after that; I had to do spot checks and replace what had been hosed by the upgrade "fix". The whole thing also left me wishing that I had backed up my grub.conf.

The silver lining to all this is that I went ahead and upgraded to the 2257 kernel. yay?

LX

-- 
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Off Topic or Political Discussions:
http://mandrakeot.mdw1982.com/
http://www.mdw1982.com/mailman/listinfo/mandrakeot
"Character is what you do when nobody's looking." - J.C. Watts
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°