On Fri, 2007-01-19 at 07:40 -0500, Stephen Smalley wrote: > Aside from rebuilding from source with selinux options disabled in the > compile-time configuration, you are correct - you cannot remove the > actual selinux bits from Fedora at runtime, although you can disable > their execution (boot with selinux=0). Performing an audit of the code > associated with disabling SELinux at boot time isn't difficult, and > doesn't require understanding the rest of the SELinux code that is never > reached in that case. > > The entire discussion of allowing one to rpm -e libselinux is a red > herring; applications already perform an is_selinux_enabled() test > before performing SELinux processing and skip it if disabled. Supporting > removal of libselinux would just mean that those applications would > first dlopen() libselinux (vs. direct calls to the libselinux functions, > which create the current fixed link-time dependency) and fall back to > the selinux-disabled code path if libselinux isn't present. But in both > cases, you are relying on the application code to follow the right > branch and to truly skip all SELinux processing when selinux isn't > enabled / libselinux isn't present. It might make a difference in terms > of code bloat (although libselinux isn't that big and you are trading > off runtime performance for the dlopen), but it doesn't change the trust > issues. It also doesn't change the situation wrt to the selinux kernel > code, which is built-in. We played around with trying to support it as > a loadable kernel module long ago, but it wasn't practical (tight > coupling with the core kernel is inherent in the goal of mediating > access to all kernel objects and requires very early initialization, > prior to normal module init), and the mainline kernel developers > actively discouraged us from pursuing it. > > -- > Stephen Smalley > National Security Agency What was the primary motivation behind NSA in the genesis of Selinux? I understand that more inductive reasoning type engineering can be beneficial, and better security is obviously the outcome; but was it because the NSA has security-related concerns to fill with Linux, (which could only be served by getting involved with the community), or was it because the military requires a higher plateau of security with it's Linux systems, or some other similar things? LX -- °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° Off Topic or Political Discussions: http://mandrakeot.mdw1982.com/ http://www.mdw1982.com/mailman/listinfo/mandrakeot "Character is what you do when nobody's looking." - J.C. Watts °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
