SELinux removed from desktop cd spin?

Valent Turkovic valent.turkovic at gmail.com
Thu Jan 17 07:40:31 UTC 2008


Warren Togami wrote:
> Valent Turkovic wrote:
>> Hi,
>> I believe that SELinux is a great linux server security hardening tool
>> but that has little use in desktop linux usage and it confuses
>> ordinary desktop users.
>> If it hasn't been discussed before I would like to propose that on
>> desktop cd spin SELinux is not installed by default, of course after
>> discussion and approval from you (fedora devels).
>>
>>
>> Cheers,
>> Valent
>>
> 
> Also keep in mind that if SELinux break something on the desktop, THAT 
> is a bug.  Starting before F8 I personally began to use SELinux enabled 

Well I repoted how SELinux "broke" a mayor Fedora 8 feature. Fluendo 
codecs don't work even if you buy them. Sure it is SELinux job to 
disable if software has bugs, but fluendo can't fix it because it is 
intel compiler bug that they can fix... and so on and on...
This is just one example. I disabled SELiux for that bug and now I can 
play my multimedia. Did my machine blow up? Dig I get OWNED? Am I now 
asking hacked to come and get me? Are my files being read and deleted 
randomly by somebody? Did my memory overflow? No, no, no, no.
People just want thing to JustWork and SELinux has the stoping power of 
magnum .44. Sure it is a powefull tool but you are puting it in 
inexperienced hands and doing more damage to fedora desktop that it 
gives benefit to users.

On my RHEL or CentoOS servers, yes. But on my desktop no.

> all the time.  At first a few things were broken, but I figured out how 
> to report smart Bugzilla reports against selinux-policy and dwalsh takes 
> care of them real quick.

Same here. But I still see too much negative that positive for average 
users who aren't going to understand your or mine point and for sure 
won't like if something doesn't work on their desktop no matter the 
reason being bugs or security.




More information about the fedora-devel-list mailing list