Forward looking to FC2 final and SELinux

Jeremy Katz katzj at redhat.com
Thu Apr 8 17:59:59 UTC 2004


On Thu, 2004-04-08 at 03:46 -0300, Alexandre Oliva wrote:
> On Apr  7, 2004, Matias Feliciano <feliciano.matias at free.fr> wrote:
> > Le mar 06/04/2004 à 20:59, Jesse Keating a écrit :
> >> [...]
> >> The option for SELinux should continue to be exposed during the install 
> >> (and kickstarts), but default to off.
> 
> > +1
> 
> How would you feel about permissive mode instead of disabled as the
> default?

One problem with this is that if you're running in permissive mode, then
domain transitions which were expected to occur may not (because you
would have been denied to do something first if you were running in
enforcing mode).  This makes switching from permissive to enforcing an
operation that requires the (imho) broken relabeling of your entire fs.

So I'm not convinced that permissive by default actually buys us
anything.

Jeremy





More information about the fedora-devel-list mailing list