How best get rid of SELinux?

[Mike McCarty]

Tim wrote:
> On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
> 
>>It's too bad that Red Hat has jumped on the SELinux bandwagon
>>so wholeheartedly. That is, it is for those of us who don't like
>>it, but want to use Red Hat products or projects. 
> 
> 
> One of the (almost) unsung benefits of it is to do with created
> software.  
> 
> If the programmers use a system with SELinux, they're forced into
> writing their software better.  And we end up with software which

They are forced into writing it SELinux aware. That is not
part of my definition of "better".

[snip]

> On the other hand, without any SELinux, trying to make your system
> secure, when you're using programs that the software authors had
> free-range to do any old crap in the first place, is much more
> difficult.

I don't like to load and run crap. Do you?
That's one reason I don't have SELinux enabled on the machines
I administer. Not all of them are FC2, BTW.

Note that SELinux does not attempt to make a machine more
secure, except in a very general sense. It attempts to mitigate
damage on a machine WHICH IS ALREADY COMPROMISED.

It does little AFAICT to prevent compromise.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!