How best get rid of SELinux?

Mike McCarty Mike.McCarty at sbcglobal.net
Mon Sep 24 20:58:15 UTC 2007


Res wrote:

[snip]

> So why is it mandatory to install it, it's bloatware, I mean you don't
> install bind, apache, mysql and christ knows whatever else on a server (or
> desktop for that matter) if you have no intentions of running or using that
> service, so it's much the same situation.

I'll take the other side of the fence for a second...

Because SELinux is not a "thing", it is a way of writing apps.
In order to put SELinux into place, they modified 50 or so apps.
Each of these would need to be split into pieces, and the pieces
put into shared objects, and the shared objects shipped in two
forms, one with SELinux in them, and one not, or the apps themselves
would need to be shipped in two forms, one with and one without
SELinux.

It's a pervasive sort of thing.

So, the QA would be greater, and the packaging effort would increase.

The changes to the installer wouldn't be all that great, I suppose.
Also, it would be easy not to install the GUI and management programs.

But not the apps which are "SELinux aware", like "ls", "mv", "cp",
"ps", "install", "login", "ssh", etc. They all have code in them
specific to SELinux. And really not to install SELinux would require two
copies of "ls" and "find", as an example.

Presumably, RH is of the opinion that it would be expending effort
for very little if any return.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
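
[Added example, not part of the original message or of any Fedora package: a sketch of the kind of SELinux-specific code a tool that displays file labels carries. It reads the "security.selinux" extended attribute directly instead of going through libselinux, and the struct and function names are hypothetical.]

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical holder for the fields of an SELinux security context. */
struct secctx { char user[64], role[64], type[64], level[64]; };

/* Copy one ':'-terminated field into dst; return the remainder or NULL. */
static const char *take(const char *s, char *dst, size_t cap) {
    size_t n = strcspn(s, ":");
    if (n == 0 || n >= cap) return NULL;      /* empty or oversized field */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return s[n] == ':' ? s + n + 1 : s + n;
}

/* Parse "user:role:type[:level]". The level may itself contain ':'. */
int parse_context(const char *raw, struct secctx *c) {
    const char *p = raw;
    memset(c, 0, sizeof *c);
    if (!(p = take(p, c->user, sizeof c->user))) return -1;
    if (!(p = take(p, c->role, sizeof c->role))) return -1;
    if (!(p = take(p, c->type, sizeof c->type))) return -1;
    if (strlen(p) >= sizeof c->level) return -1;
    strcpy(c->level, p);                      /* empty when no level is present */
    return 0;
}

/* 0: label read and parsed; 1: file has no label (attribute absent or
 * filesystem without xattr support); -1: any other error or a bad label. */
int read_context(const char *path, struct secctx *c) {
    char raw[256];
    ssize_t n = lgetxattr(path, "security.selinux", raw, sizeof raw - 1);
    if (n < 0) return (errno == ENODATA || errno == ENOTSUP) ? 1 : -1;
    raw[n] = '\0';
    return parse_context(raw, c);
}

int main(int argc, char **argv) {
    struct secctx c;
    for (int i = 1; i < argc; i++) {
        int r = read_context(argv[i], &c);
        if (r == 0) printf("%s:%s:%s:%s %s\n", c.user, c.role, c.type, c.level, argv[i]);
        else printf("%s %s\n", r == 1 ? "(unlabeled)" : "(error)", argv[i]);
    }
    return 0;
}
```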



