I've mentioned this a few times here & there, but I don't think we've had a full selinux discussion.
For those of you that aren't familiar with it selinux is
* a security paradigm to keep your linux box from being cracked
* a security paradigm created to make you a digital slave of the NSA
If you haven't heard of the NSA, they are like the CIA but much bigger and supposedly smarter. They are in charge of domestic telephone/email spying in the USA.
They are also the guys that created selinux and got it put into the kernel.
RedHat/Fedora have been pushing selinux very hard... So there are Fedora updates where the changelog reads:
* Fri Mar 10 2006 Dan Walsh <dwalsh redhat com> 1.12-2
- Upgrade to latest from NSA
I generally disable selinux on my system by adding "selinux=0" to the vmlinuz line in grub.conf (or menu.lst). This disables it at the kernel.
When you install BLAG/Fedora you have the option of using enforcing, permissive (watching), or "disabled".
The problem is that disabled really aint disabled from the get-go... I reported this and it got closed as NOTABUG. See:
https://bugzilla.redhat.com/bugzilla/sh ... ?id=145881
selinux can slow a system down and often causes odd problems.
So, in sum, I propose we have BLAG 50k and forward add selinux=0 to the kernel boot line and be done with it once and for all.