
Re: Penalty of SELinux?



Manoj Srivastava wrote:
On Mon, 24 Sep 2007 18:54:34 -0500, Mike McCarty <Mike.McCarty@sbcglobal.net> said:
Manoj Srivastava wrote:
On Mon, 24 Sep 2007 18:21:16 -0500, Mike McCarty
<Mike.McCarty@sbcglobal.net> said:

Manoj Srivastava wrote:
Firstly: Very few packages have been actively patched to link
Something like 50 or so. ls, mv, cp, etc.
Source packages.  All those are from coreutils, no?

I believe so. My response was in regards to "very few". I suppose that
is a subjective response. "50 or so" is not subjective.

        My response suggests that 50 or so is inaccurate, if you count
 source packages. It is fewer than that.  Compared to 10k source
 packages, however, even the bloated figure of 50  is "few". BTW, I
 count 29 packages.

I was using the published figure for Red Hat. They included such
apps as ls, ps, mv, cp, etc. which are modified either to display
or propagate attributes of processes or files.

--8<---------------cut here---------------start------------->8---
libselinux1 Reverse Depends:
  coreutils cron dbus dmraid dmsetup fcron gdm gnome-user-share
  libblkid1 libdevmapper1.02.1 libgnomevfs2-0 libnss-db libpam-modules
  librpm4.4 logrotate loop-aes-utils lvm2 mount nautilus openssh-server
  passwd policycoreutils prelink rpm sysvinit sysvinit-utils udev
  util-linux xdm
--8<---------------cut here---------------end--------------->8---

So, ls can't display the extended attributes of the files?
And ps can't display the attributes of the processes?
And find can't be used selectively to find files based on
the extended attributes?

Right. But a few hundred KB in memory is a smallish penalty, and

More subjectivity :-)

        All opinions are subjective.

Naturally.

even 708 old hardware seems to be running it fine for me.

My objection is to having it on my machine at all.

        Feel free to create your own apt sources area where you
 specifically override the defaults you do not like. This is the only
 recourse for those of us who do not like some aspect of the
 distribution, and care enough to take the effort to fork our own
 packages (I do my own kernel, uml, emacs, gnus, et al. packages)

It would take more than just kernel, of course. I am investigating
LFS. Gentoo seems to have accepted SELinux as well, though since
it is a source distro most of the work would be easier in that
case, perhaps.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!


