Tom Horsley wrote:
The most actively updated selinux package is selinux-policy. So you
should be able to remove this without too many dependencies.
policycoreutils does have lots of packages that require it so getting
rid of it will be a problem. libselinux is a core library which you
can't remove. libsemanage and libsepol are required by policycoreutils.
So I would just remove selinux-policy-* and you should see far fewer updates.
That seemed to work. I also found I could remove the setroubleshoot
stuff with no dependency issues. Any of the remaining packages seem
to transitively drag in every other rpm on the system :-).
Have you tried running setroubleshoot with SELinux enabled or in
permissive? I recently enabled it on my sandboxed server and the program
made it fairly easy to get the system functioning as it should function.
I noticed some actions which I did not want allowed also in the process.
Though the server is sandboxed, my XP computer is exposed to a large
group of users and Internet access. If the XP computer ended up
being "owned" the sandboxed server could be compromised.
SELinux is now active on most computers since it is easier to diagnose
problems and report misbehaving programs in a security sense.