User: Password:
Subscribe / Log in / New account

Request to re-add option to disable SELinux

From:  Jon Masters <>
To:  Development discussions related to Fedora <>
Subject:  Request to re-add option to disable SELinux
Date:  Wed, 02 Jul 2008 16:10:24 -0400
Message-ID:  <1215029424.5130.13.camel@perihelion>
Archive-link:  Article

Hi folks,

I'd like to see the re-introduction of an option during (or shortly
after, i.e. during firstboot) installation to disable SELinux, or set it
to be permissive. My reason for making this request includes:

*). A number of activities are not possible today, with SE Linux enabled
and enforcing on a default F9 installation. I can give examples -
downloading an ISO image and expecting to use it in virt-manager,
creating a virtual machine in a non-standard location, etc.

*). Policy changes will randomly stop things from working that used to
work. Especially on the Desktop, where many possible code paths (SE
Linux works by denying until an exception is found and added to the
policy...requiring all code paths to be exercised) exist to do
something. I found this last week when VPNC randomly broke.

*). Tools like nautilus do not support labeling of files via the
right-click properties dialog (gnome VFS, etc.) so there is no easy way
for an end user who even understands part of this to fix context. This
is the number one reason why SELinux should not be enabled by default,
except on systems where there is an admin who can use chcon.

But there are numerous other justifications I could give, including my
personal belief that it's absolutely nuts to thrust SE Linux upon
unsuspecting Desktop users (who don't know what it is anyway) without
giving them the choice to turn it off.



fedora-devel-list mailing list

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds