Marko Vojinovic <vvmarko <at> gmail.com> writes:

> On Wednesday, September 01, 2010 18:29:13 JB wrote:
> > Please feel free to add some thoughts to my modest idea of the future
> > concept of security.
>
> Since you are apparently serious about this, let me try to help a little
> (remember, you asked for it! ...):

Thanks.
It was my intention to induce a reaction to my post. Your opinion is
appreciated, regardless of whether friendly or not :-)
Remember, we do it here not only for ourselves, but for other people who are
sitting on the fences as well ...

> > - it should be configurable:
> >   - by sys admin and user (selectively)
>
> Any system-wide configuration is done by root, or delegated by sudo. SELinux
> is not different here than any other security system in Linux.

I meant an option for a user to be able to select granularity of diagnostics.
There could be more user customization - we would let the users speak.

> ...
> >   - dynamically
>
> I am not sure what you mean by this, because "dynamics" in general refers to
> "changing in time", which is already covered above.

Not exactly.
I meant like changing config on demand (in the spirit of on-demand/dynamic
loading of config modules, libraries, etc), with an immediate effect, w/o
additional steps (daemon restarts to reread config files, etc).

> ...
> > - it should be self-contained, installable and removable at any time,
> >   without influencing the system
>
> No serious security system can run entirely in userspace, they are all
> implemented in the kernel. Standard UNIX permissions, firewall, SELinux, you
> name it. That said, SELinux and firewall can be enabled/disabled by root on a
> whim, while with the permissions system it is far from easy (to disable it one
> would need to do a filesystem-wide chmod and chown, while reenabling it
> afterwards is almost impossible).

Have you seen how many people asked about it (hint: search Google)?
Why do these pesky, little, *%#@$?! bugs want to do it?
Can you remove SELinux as a package (not disable), completely and safely?
How about by all related packages?

#
# rpm -qa | grep -i selinux
libselinux-python-2.0.90-5.fc13.i686
selinux-policy-targeted-3.7.19-51.fc13.noarch
selinux-policy-3.7.19-51.fc13.noarch
libselinux-2.0.90-5.fc13.i686
libselinux-utils-2.0.90-5.fc13.i686

Try it:
# yum remove *selinux*

Btw, you omitted other reasons people feel funny about this software.
They expressed their feelings in various posts here.
I doubt very much you can change people's opinion (however irrational it
may be) when it is based on their ideological/philosophical grounds.

Thanks for sharing your opinion with us.
JB