On Thu, 2007-01-18 at 18:05 -0800, Peter Gordon wrote: > On Thu, 2007-01-18 at 10:15 -0500, Lyvim Xaphir wrote: > > The story is more complex than that of course, but the experience was > > very instructional. Todd Zullinger was correct in his suggestion that a > > distro switch would be the most efficient way to get rid of selinux. > > > > Not at all. Anaconda explicitly gives you the option of installing > SELinux in enforcing (blocks unauthorized access attempts), passive > (makes an AVC log entry of, but does not block unauthorized attempts), > or entirely not at all (reverting to the standard user/group/other > discretionary access controls). You don't understand what is being said, or you haven't read, or both. When I say "get rid of selinux", I mean exactly that; the whole enchilada. Libs, kernel modules, the works. Your approach does in no way achieve that objective. We already *know* how to "disable" or make selinux inactive. That should be starkly apparent from the copious messages in these threads; not sure how you could have missed that. Our point (confirmed experimentally and also painfully) is that the selibs/kmods are going to be there no matter what, requiring a recompile of userspace apps to be independent of them. This was subsequently confirmed by Dr Smalley of the National Security Agency. LX -- °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° Off Topic or Political Discussions: http://mandrakeot.mdw1982.com/ http://www.mdw1982.com/mailman/listinfo/mandrakeot "Character is what you do when nobody's looking." - J.C. Watts °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
