SELinux In Linux 6.6 Removes References To Its Origins At The US NSA
-
Originally posted by sarmad:
It's a bad technology anyway. They may as well just drop it altogether rather than only dropping the NSA reference. It's bad because it's overcomplicated, and when something is overcomplicated it leaves room for mistakes that result in security holes. I remember needing to turn it off whenever I needed to test my web server back in the days when I was using Fedora before getting fed up with SELinux and jumping distros.
- Likes 8
-
Originally posted by archkde:
This just doesn't make sense, it's not "Immunix AppArmor" or "NTT Tomoyo" either.
Last edited by billyswong; 30 August 2023, 06:24 AM.
- Likes 1
-
The patch looks completely logical to me.
The original wording makes it sound like NSA is a sort of purveyor/company behind SELinux and should be talked to if you have any issues with SELinux, which is not the case.
SELinux has been almost entirely Red Hat's/community effort for the past 15 years or so.
man selinux still shows all the necessary info:
NAME
SELinux - NSA Security-Enhanced Linux (SELinux)
DESCRIPTION
NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system. The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at https://github.com/SELinuxProject.
- Likes 2
-
All things considered, I'm more worried about the Chinese and TikTok than I am the Americans and SELinux. One is a closed source app with ties to the Chinese Communist Party/Government that requires you to disable security protections to fully work whereas the other one is an open source security protection that tries to keep us safe from nefarious actors.
It also doesn't help that TikTok uses different algorithms for different countries and peoples and the one used for Americans and western society pushes content to intentionally divide and anger Americans.
TikTok is literally the Communist Party Propaganda Machine.
- Likes 2
-
Originally posted by skeevy420:
All things considered, I'm more worried about the Chinese and TikTok than I am the Americans and SELinux. One is a closed source app with ties to the Chinese Communist Party/Government that requires you to disable security protections to fully work whereas the other one is an open source security protection that tries to keep us safe from nefarious actors.
It also doesn't help that TikTok uses different algorithms for different countries and peoples and the one used for Americans and western society pushes content to intentionally divide and anger Americans.
TikTok is literally the Communist Party Propaganda Machine.
- Likes 3
-
SELinux. The single most annoying Linux component ever built. Which is IMHO still true to this very day.
Here's a "fun" little story about that single feature changing my Linux distro usage. Many many many years ago I was a Fedora user. At that time SELinux was either brand new or was just coming to regular distributions (don't quite recall which one it was), fact is that I began noticing it. In the early days that was with a true shitload of security policy notifications approving or denying requests. I think not long after that insanity Torvalds made a remark that printers should not need root? Anyhow, I digress. This never-ending flow of just total Linux usage pain caused me to disable SELinux on every new install that had it. Problems gone, happy user.
But every new install had it and did require that disabling. Over time that too fed me up so I moved to a distribution that was more aligned with my use of Linux. Arch Linux was that distribution. Turns out that Arch just doesn't support SELinux at all. Never has and doesn't to this day (though you can get it if you want it).
Now fast forward to a couple of weeks ago where I was installing a VPS node. Don't quite remember if it was using AlmaLinux or that other CentOS-derived one. What usually took me a couple of minutes (setting up Docker and running my container) now took a couple of days of debugging. My issue? I was mounting a volume inside a Docker container that I wanted to modify from outside the container (think of config files). Nothing wrong with that setup, it's very common. Yet somehow Docker - or rather Podman specifically in this case - just downright refused to work, with permission denied errors. After many head-scratching hours of debugging I went with root for the files both inside and outside of the container; that too didn't work. Something somewhere was very persistently blocking it. Nothing, absolutely nothing at all, was even remotely hinting at SELinux at this point. Yet upon discovering it being enabled and running, disabling it fixed my case. In hindsight the :z volume mount option would've probably saved me and played nice with SELinux. Remember though, I didn't know it was SELinux causing this, thus searching for a fix to that permission denied error also didn't bring up any results indicating that I needed to add that option.
I wasn't expecting to be bitten that hard by SELinux again, but yeah, I was. It's a monstrous dumb bullshit piece of tech that should be thoroughly killed from Linux in my opinion. And yes, that's only because it's so freaking stealthy in the background where you don't even know that it is causing your troubles. It would've been much better if it somehow were communicated better. But then again, a distribution like Arch - that thrives these days - doesn't use SELinux at all. So if they don't need it why would I even bother using it? The tech is pointless in my view.
I'm sure it has a special place for some people. To those: have fun with it. I've been bitten by it yet again and will very happily disable it again on new installs.
There are always the people here too who are like security addicted and enable every feature that adds more security. Fine by me, you do you, I do me. Don't try to convince me to run that garbage.
- Likes 4
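The bind-mount failure described in the post above leaves a trace in the audit log even when the container runtime only reports "permission denied". As an added example (not part of the thread), the sketch below pulls container-domain AVC denials out of audit records and classifies them. The function names and log lines are constructed for illustration, and treating `container_file_t` as the only acceptable target type is a simplifying assumption.

```shell
#!/bin/sh
# Constructed sample audit records (illustrative, not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1693380000.123:456): avc:  denied  { read } for  pid=1234 comm="nginx" name="app.conf" dev="vda1" ino=131 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1693380000.123:456): arch=c000003e syscall=257 success=no exit=-13 comm="nginx"
type=AVC msg=audit(1693380005.500:460): avc:  denied  { write } for  pid=1240 comm="nginx" name="data" dev="vda1" ino=140 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=system_u:object_r:container_file_t:s0:c1,c2 tclass=dir permissive=0
type=AVC msg=audit(1693380009.000:470): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/x" dev="vda1" ino=150 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# Reads audit records on stdin and prints one line per denial whose source
# domain is a container type: "comm perms tclass target_type hint".
#   relabel      - target is not container_file_t (assumed only valid type);
#                  the host path needs relabelling, e.g. -v host:ctr:z
#   mcs-mismatch - type is right but MCS categories differ (:z shared, :Z private)
#   other        - labels look compatible; inspect the policy instead
container_denials() {
  awk '
    $1 == "type=AVC" && /denied/ {
      perm = comm = src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # collect every permission listed between the braces
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm ? "," : "") $j
        }
        else if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
        else if ($i ~ /^scontext=/) src = substr($i, 10)
        else if ($i ~ /^tcontext=/) tgt = substr($i, 10)
        else if ($i ~ /^tclass=/)   cls = substr($i, 8)
      }
      # context layout: user:role:type:sensitivity[:categories]
      split(src, s, ":"); split(tgt, t, ":")
      if (s[3] !~ /^container/) next          # not a container domain
      if (t[3] != "container_file_t") hint = "relabel"
      else if (s[5] != t[5])          hint = "mcs-mismatch"
      else                            hint = "other"
      print comm, perm, cls, t[3], hint
    }'
}

sample_audit_log | container_denials
```

On a host running auditd, the same function can read the output of `ausearch -m avc -ts recent` instead of the sample data.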