Forward looking to FC2 final and SELinux
Scott Sloan
devscott at charter.net
Wed Apr 7 02:33:35 UTC 2004
It does no good to have an opinion and not share it, so here goes...
SELinux in test2 gave me much to think about with never before seen
output messages, file mount points disappearing, and addition messages
with every rpm package install. However, even with all the troubles, I
think SELinux is a beautiful addition to security in fedora and the only
way we are going to get rid of all its bugs is to run it against any and
every test we can come up with, just like we do with our kernels and
other system code. I personally believe it's a bad decision to disable
it in any current releases, only because if we disable it by default and
most users don't stray much from system default setups, we will lose
n-amount of valuable testing, all of which is greatly needed (esp. in
beta mode). Provide and keep the documentation up to date and encourage
developers to throw everything at SELinux. After enough testing, most
errors will be eliminated and no one will notice anymore. Like Alan
mentioned
>Its no different to the argument about default firewall rules. Now
>days nobody argues with them, but at the time I got some quite
>interesting flames about defaulting to firewalling on and it breaking a
>tiny number of peoples bits of software.
It is just a matter of getting through the headaches between now and
then. But disabling it I feel would be a lost due to the large amount of
needed testing we would be missing out on. Be patient, give it time, and
continue to submit bug reports. Everything will get better... someday :)
--
Scott Sloan
------------
"I'm not a genius. I'm just passionately curious" -- Einstein
More information about the fedora-devel-list
mailing list