not installing SELinux with Fedora
stewartetcie at canada.com
stewartetcie at canada.com
Sun Jun 19 18:22:28 UTC 2005
On 6/9/05, I <stewartetcie at canada.com> wrote:
Users of Fedora Core 4 want to know, how do we not,
repeat not, install SELinux?
Steve Grubb <linux_4ever at yahoo.com> replied:
>Why would you want to do that? Its better to fix
>problems than avoid them.
>SE Linux has to be installed. libselinux is linked to
>many apps and the KERNEL is compiled with support for
>SE Linux. You can disable it, but you have to install
>it.
Chris Bell <christofer.c.bell at gmail.com> replied:
>Since you're already familiar how to disable SELinux,
>the short answer to your question is, "you can't."
Please allow me to reply to these responses.
Steve, take a look at "sHype: Secure Hypervisor
Approach to Trusted Virtualized Systems" an IBM
research report published on February 2, 2005. On page
6, the authors say:
"Mandatory access control has been designed and
implemented for the Linux operating system (cf. SELinux
[1]). However, controlling access of processes to
kernel data structures has led to an extremely complex
security policy. Therefore, SELinux does not enforce
strong isolation properties equivalent to those offered
when running applications on separate hardware
platforms. Operating system security controls such as
those offered by SELinux are more appropriate for
enforcing mandatory access control among a set of
closely cooperating applications, which naturally share
a hardware platform. In a hypervisor system, there are
few resources shared on the virtualization level. This
results in simple security policies when compared to
those for operating system controls."
The point is that SELinux is: (1) so complex as to be
unmanageable; (2) inappropriate for all cases,
virtualization being a case in point. By the way, sHype
is available as a patch for Xen, which is distributed
with Fedora Core 4.
On a more general note Steve, take a look at Ken
Thompson's 1984 ACM Turing Award lecture, "Reflections
on Trusting Trust" wherein the author of the UNIX
operating system illustrates why you shouldn't trust
sneaky folks like him. By extension, I'm a little
suspicious of the NSA's motives in distributing a
system for mandatory access control that is needlessly
complex and, essentially, unmanageable at a time when
snort and tripwire, for example, are widely available
and a stateful firewall is built into the Linux kernel.
Chris and Steve, you're abolutely correct. Fedora is
the only widely used Linux distribution to incorporate
SELinux in such a manner that it cannot be removed. If
its so important, how come everybody else can get along
without it? Perhaps we might consider an alternative
Fedora Core 4 distro that is free of this one-stop
security panacea?
Yours truly,
STEWART & CIE.
Steve Stewart
More information about the selinux
mailing list