How NSA access was built into Windows
Todd Zullinger
tmz at pobox.com
Tue Jan 16 05:30:18 UTC 2007
Tim wrote:
> Taking the opposite line of attack, it is possible to completely
> remove it from a Linux installation, isn't it?
Aside from disabling it by passing selinux=0 on the kernel command
line (which I'm sure you know about), you could also uncheck the "NSA
SELinux Support" in the kernel config and build a kernel with no
selinux support.
There are many applications that are compiled with support for selinux
that depend on libselinux. If you wanted to get rid of that I think
you'd need to recompile those applications or build a dummy libselinux
package that provided some sort of stub library.
I've not tried any of these things. If I really didn't want my OS to
have any parts of selinux in it, I'd probably choose a different
distro. As I understand it, Novell/Suse is pushing AppArmor instead
of SELinux. I don't know what other distros use or don't use selinux,
but I'm sure google could find out (or distrowatch.org).
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
What it means to take rights seriously is that one will honor them
even when there is a significant social cost in doing so.
-- Ronald Dworkin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20070116/3d6628f3/attachment-0002.bin
More information about the users
mailing list