Mike McCarty wrote:
Partially, my point is that any time one modifies any package, no matter for what reason, there is the opportunity to introduce defects. Therefore, all applications which are affected by SELinux, potentially all of them, now have an opportunity for defects to be introduced; a circumstance which would not occur if not for SELinux.
An earlier problem with at-spi took down a large range of programs because of a chain of programs linked to it. This has little to do with SELinux except to say that vulnerabilities which could have a domino effect could be halted from action if policy prevented abnormal operation from vulnerable programs.
Also, SELinux is itself a large chunk of code, with its own defects.
No doubt that it can become better as problems are spotted and addressed.
My bottom line: There is not overwhelming evidence that SELinux provides a net worthwhile increase in security of non secure systems. As long as this situation continues, then there is room for people like Karl not to want it on his machine. I'm not lobbying for anyone to remove it. I'm not trying to convince anyone that it's a bad thing. I'm lobbying for people to have a CHOICE whether to install it, without also having to exercise the choice to use a different distro. I think that's only reasonable.
Why anyone would switch distros because of SELinux integration compared to the multimedia digital rights issues preventing out-of-the-box multimedia support.
If they want it completely off of their systems maybe a new distro fork can be born from their desire to eradicate SELinux completely from their systems.
Jim
Mike