SELinux

Mike McCarty Mike.McCarty at sbcglobal.net
Thu Jan 20 07:37:38 UTC 2011


Kostas Sfakiotakis wrote:

[...]

> Since I started this thread, let me clarify something. All I was
> trying to do was to open a pdf file, simple as that, and I do believe
> that on my computer I am pretty much entitled to do so.

I'd like to help you clarify your thinking, as well.

[...]

> Well, I wasn't trying to force anything by switching to the root user. I
> wasn't trying to force anything at all. I was just trying to open a manual
> (a pdf file).

Every two hundred lines of code, statistically, has a defect in it.
Every additional line of code which is compiled and loaded into
your machine is a 1/2 % chance of a defect. SELinux is big. Very
big. By Red Hat's own estimate 40 applications had to be modified
to accommodate it, along with the kernel and compiler. By application,
I mean non system programs, like mv, ls, cp, tar, cpio, etc.

I see no need for SELinux on what is, while potentially multi user,
essentially a single user system. I run behind two (count 'em) two
hardware firewalls both of them doing NAT. I've never had one,
not even one, IP tables violation. I've never had even one attempt
to access my machine at all. I don't run Apache, sshd, or any other
server which would allow ingress to my machine. I've never had anyone
even attempt to get root access but me.

I've had arguments with the Red Hat development team about it, and
they insist SELinux _must_ be there. Well, if I had a real server, and
not a desktop single user machine, I _might_ agree. I might not.

However, I like to control what is on my own machine. So, as a
consequence, I've been building my own Linux, and am gradually
leaving all Red Hat products behind.

Perhaps you should investigate LFS (Linux From Scratch). It isn't
that hard to build your own custom system which has exactly what
you want on it, no more and no less.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

