|From:||Jon Masters <jonathan-AT-jonmasters.org>|
|To:||Development discussions related to Fedora <fedora-devel-list-AT-redhat.com>|
|Subject:||Request to re-add option to disable SELinux|
|Date:||Wed, 02 Jul 2008 16:10:24 -0400|
Hi folks, I'd like to see the re-introduction of an option during (or shortly after, i.e. during firstboot) installation to disable SELinux, or set it to be permissive. My reason for making this request includes: *). A number of activities are not possible today, with SE Linux enabled and enforcing on a default F9 installation. I can give examples - downloading an ISO image and expecting to use it in virt-manager, creating a virtual machine in a non-standard location, etc. *). Policy changes will randomly stop things from working that used to work. Especially on the Desktop, where many possible code paths (SE Linux works by denying until an exception is found and added to the policy...requiring all code paths to be exercised) exist to do something. I found this last week when VPNC randomly broke. *). Tools like nautilus do not support labeling of files via the right-click properties dialog (gnome VFS, etc.) so there is no easy way for an end user who even understands part of this to fix context. This is the number one reason why SELinux should not be enabled by default, except on systems where there is an admin who can use chcon. But there are numerous other justifications I could give, including my personal belief that it's absolutely nuts to thrust SE Linux upon unsuspecting Desktop users (who don't know what it is anyway) without giving them the choice to turn it off. Cheers, Jon. -- fedora-devel-list mailing list email@example.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds