Re: selinux eradicator?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tom Horsley wrote:
The most actively updated selinux package is selinux-policy. So you should be able to remove this without too many dependencies.

policycoreutils does have lots of packages that require it so getting rid of it will be a problem. libselinux is a core library which you can't remove. libsemanage and libsepol are required by policycoreutils.

So I would just remove selinux-policy-* and you should see far less updates.

That seemed to work. I also found I could remove the setroubleshoot
stuff with no dependency issues. Any of the remaining packages seem
to transitively drag in every other rpm on the system :-).

Thanks.


Have you tried running setroubleshoot with SELInux enabled or in permissive? I recently enabled it on my sandboxed server and the program made it fairly easy to get the system functioning as it should function. I noticed some actions which I did not want allowed also in the process. Though the server is sandboxed, my XP computer is exposed to a large group of users and the Internet access. If the XP computer ended up being "owned" the sandboxed server could be compromised. SELinux is now active on most computers since it is easier to diagnose problems, report misbehaving programs in a security sense.

Jim


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux