SELinux removed from desktop cd spin?
Valent Turkovic
valent.turkovic at gmail.com
Thu Jan 17 07:40:31 UTC 2008
Warren Togami wrote:
> Valent Turkovic wrote:
>> Hi,
>> I believe that SELinux is a great linux server security hardening tool
>> but that has little use in desktop linux usage and it confuses
>> ordinary desktop users.
>> If it hasn't been discussed before I would like to propose that on
>> desktop cd spin SELinux is not installed by default, of course after
>> discussion and approval from you (fedora devels).
>>
>>
>> Cheers,
>> Valent
>>
>
> Also keep in mind that if SELinux break something on the desktop, THAT
> is a bug. Starting before F8 I personally began to use SELinux enabled
Well I repoted how SELinux "broke" a mayor Fedora 8 feature. Fluendo
codecs don't work even if you buy them. Sure it is SELinux job to
disable if software has bugs, but fluendo can't fix it because it is
intel compiler bug that they can fix... and so on and on...
This is just one example. I disabled SELiux for that bug and now I can
play my multimedia. Did my machine blow up? Dig I get OWNED? Am I now
asking hacked to come and get me? Are my files being read and deleted
randomly by somebody? Did my memory overflow? No, no, no, no.
People just want thing to JustWork and SELinux has the stoping power of
magnum .44. Sure it is a powefull tool but you are puting it in
inexperienced hands and doing more damage to fedora desktop that it
gives benefit to users.
On my RHEL or CentoOS servers, yes. But on my desktop no.
> all the time. At first a few things were broken, but I figured out how
> to report smart Bugzilla reports against selinux-policy and dwalsh takes
> care of them real quick.
Same here. But I still see too much negative that positive for average
users who aren't going to understand your or mine point and for sure
won't like if something doesn't work on their desktop no matter the
reason being bugs or security.
More information about the fedora-devel-list
mailing list