I didn't use SELinux specifically but way way back in the day I wrote my own LSM (Linux Security Module) for grad school that used the same OS hooks as SE Linux for Domain & Type Enforcement in grad school. It was fun showing root failing to delete the /bin directory in a live demo.
Announcement
Collapse
No announcement yet.
SELinux In Linux 6.6 Removes References To Its Origins At The US NSA
Collapse
X
-
Originally posted by sarmad View PostIt's a bad technology anyway. They may as well just drop it altogether rather than only dropping the NSA reference. It's bad because it's over complicated, and when something is over complicated it leaves room for mistakes that result in security holes. I remember needing to turn it off whenever I needed to test my web server back in the days when I was using Fedora before getting fed up with SELinux and jumping distros.
- Likes 3
Comment
-
Originally posted by sarmad View PostIt's a bad technology anyway. They may as well just drop it altogether rather than only dropping the NSA reference. It's bad because it's over complicated, and when something is over complicated it leaves room for mistakes that result in security holes. I remember needing to turn it off whenever I needed to test my web server back in the days when I was using Fedora before getting fed up with SELinux and jumping distros.
While i just posted a way longer version of my selinux story, yours sums up my early-on experience with it (distro hopping included) quite well.
- Likes 2
Comment
-
Originally posted by billyswong View Post
There is also Zoom, with Chinese capital and Chinese boss behind. And it is harder to avoid as use of Tiktok is entirely voluntary while Zoom less so.
Heck, I even think my own countrymen are more nefarious than the Chinese. The Chinese Communists are at least trying to make their ideal version of a society whereas the American Capitalists are selling out their own people for profit and using those profits to lobby and rig the system for themselves. That's why, per capita, The Land of the Free has more prisoners than the Communist boogeyman.
Is there another option for a world power? It sure as hell isn't Russia or England.
- Likes 4
Comment
-
Originally posted by markg85 View PostSelinux. the single most annoying linux component ever build. Which is imho still true to this very day.
...
I'm sure it has a special place for some people. To those: have fun with it. I've been bitten by it yet again and will very happily disable it again on new installs.
There's always the people here too who are like security addicted and enable every feature that adds more security. Fine by me, you do you, i do me. Don't try to convince me to run that garbage.
By all means, shut it off or switch it to permissive mode on your systems, but it's a powerful tool for those of us trying to keep malicious activity from happening in large production environments.
- Likes 1
Comment
-
Originally posted by markg85 View PostNoting, absolutely nothing at all, was even remotely hinting at selinux at this point
Originally posted by markg85 View PostI wasn't expecting to be bitten that hard by selinux again, but yeah, i was. It's a monstrous dumb bullshit piece of tech that should be thoroughly killed from linux in my opinion. And yes, that's only because it's so freaking stealthy in the background where you don't even know that it is causing your troubles. It would've been much better if it somehow were communicated better. But then again, a distribution like Arch - that thrives these days - doesn't use selinux at all. So if they don't need it why would i even bother using it? The tech is pointless in my view.
- Likes 1
Comment
-
Originally posted by Paradigm Shifter View PostBut hey, as others have said in threads here you shouldn't worry unless you have something to hide, right?
Never mind that many laws are written in such a way that you're wrong no matter what do you, if the authority decides they want to prosecute/persecute you.
Don't break the law and you've got nothing to worry about. Seriously, it's not that hard to have a great life and be a good citizen at the same time. That's what gets me to question people like you: the only reason you care is because you're probably doing something morally objectionable.
Comment
-
Originally posted by avis View Post
Except /var/log/audit/audit.log which I presume you never checked.
Works perfectly everywhere I use it. Maybe you could have started with some basic manuals.
- Likes 3
Comment
-
Man the number of mental 12-year-olds in this thread positing the usual "USA EVIL" take and people complaining about SELinux just doing it's job.
Seriously people; Grow up already. I know you're all in your 20s, 30s and 40s. Not 12."Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
- Likes 2
Comment
Comment