Always turn this shit off on a newly installed system. It's annoying.
>>107830029i don't think i will
>>107830029You've already lost if it ships with your distro.
>>107830047based>SELinux status: enabled
>>107830072just for that i'm disabling it, frogfucker
skill issue
>>107830029what does SELinux even do anyway?is this like sudo or maybe firewall?
>>107830083It's a front door for the NSA.
>>107830083access control. policies mandate what you can and can't do. even while root.
>>107830083It's like antivirus. It complains every time you do something with a file. Just disable it and don't click on phishing emails. ez pz.
>>107830076Don't forget to install chrome, steam, discord, snapd, proprietary nvidia drivers and x11 contrarianon!
is there anyt reason to use this shit on your personal computer
>>107830141Where are you even encountering SELinux on your desktop? It's pretty much transparent on my Fedora desktop.I do change some settings on my server, but that's just for container bullshit.
>>107830173you are more likely to encounter programs spouting errors because it didn't have access to some shit caused by selinux
>>107830173Try backing up the root file system with rsync.
>>107830097Pretty sure it's a garage door for the FBI.
So far the only issue I've had with SELinux is with Half-Life 2 not playing music files, but I was able to fix it: https://github.com/ValveSoftware/Source-1-Games/issues/6739#issuecomment-3694136287
>>107830083>what does SELinux even do anyway?"Hardens" the system, but that's about it. It's just NSA bullshit for folks that think they're playing InfoSec on Linux.
>>107830351>just trust that your apps will only do what they say they do>t. Jia Tanyeah nigga, sure
>>107830338Why does an mp3 decoder need to write and read memory anyway?
>>107830392to allocate memory for decoding mp3?
>>107830097its not doing a good job of that given that there is no additional inbound/outbound network traffic because of it. Oh and its code is entirely open source. Has open source ever been used as an NSA backdoor before?
>>107830120Unironically a lot of people are moving to Linux to install Steam...
>>107830417>Has open source ever been used as an NSA backdoor before?Reflect on the word "Jia Tan" that Anon mentioned above.
>>107830406I probably should have worded that as "why does it need to allocate memory that is writable and readable". I'm not claiming to really understand any of this as I'm a nocoder retard. Is allocating memory that's readable & writable as bad as selinux claims?
>>107830457you need to ask selinux people for thatbut my personal guess is, if you have access to memory then your program can do its thing, because without memory programs can't do anything no? so that's why it's being limited
>>107830392execheap isn't about readable and writable memory, but about writable and executable memory. it should only be one of them. It opens up possibilities for (malicious) code injection. That's why the JIT is having trouble. It's generating code during runtime.
>>107830449>was discoered not long after it was deployed>quickly correctedThat kind of proves my point. There are millions of autistis out there in the world looking at the linux kernel and other OSS. If selinux actually had a backdoor like jia tan, i cant imagine that it would have remained hidden all of this time.
>>107830608A single autistic engineer noticed a minor performance anomaly during testing. Pure luck is the only thing that sabotaged a multiple year operation.
>>107830417every now and then you'll read a cve for a vuln that grants system access these are the exploits gov agencies put in the code as a backdoor until some hacker finds them and they get patched
>>107830563Ah, so I'm conflating code being readable with it being executable. I just assume this scenario would be a classic memory corruption where someone would somehow get malicious code into the heap and then it would execute said code.
>>107830968>then it would execute said code.isn't that what that previous anon said it does?code injection means it gets executed
>>107830029Arch does not come with SELinux. You might like Arch
>>107830029SELinux was freezing X when set to enforcing last time I tried to set it up. Years later, I still can't find the motivation to properly do it. All it does now is generate millions of warnings.
Never had any iasues with it.
>>107830173This, only time I ever encountered an SELinux issue was TF2 AAC playback library failing because it required heap execution permission which is sketchy as fuck in and of itself but overlooking that, the solution was readily available online
>>107830291If you do it while the OS is running then the backup will probably be invalid anyway, so no change there.If you do it from a live environment or disk attached to another computer then SELinux won't be active anyway, so no change there either.>>107830029That's one of the reasons I prefer AppArmor. Most users will never notice it's there, and those who do are more likely to look up how to adjust it rather than disable entirely.
>>107830120>chrome, steam, snapd, proprietary nvidia driverssmart>discord>X11stupid
>>107830029It's set to permissive on my machine. Should be good enough, right?
