How best get rid of SELinux?
Alan Cox
alan at lxorguk.ukuu.org.uk
Mon Sep 24 22:33:54 UTC 2007
> > Its a bit like asking for a car to come with automatic or manual
> > transmission. It isn't a last minute extra you fit like a headrest its
> > intrinsic to the very build of the system.
>
> I guess you missed my comment (easy to do in this thread) that
> HAD IT BEEN DONE RIGHT at the start, it would be much easier than
> trying to retrofit now.
It was done right from the beginning at least unless you mean Linus
should have adopted a non-Unix MAC type security model from 0.01 ?
Security models are not add-ons. They require the underlying design is
properly compartmentalised and divided. You cannot make a system with an
insecure design secure by adding things (just ask Microsoft).
> By your own count, there are something like 50 apps which
> are SELinux aware, along with some libraries, and the kernel.
> These would need different versions, one SELinux, one not
Why ? The few code paths executed in the selinux=0 boot case are not
interesting and do no harm.
Alan
More information about the users
mailing list