Request to re-add option to disable SELinux

[Jon Masters]

On Wed, 2008-07-02 at 16:29 -0400, Jon Masters wrote:

> I think what's needed is a nice little paragraph summarizing what
> SELinux is aiming to do, and then the old option of setting permissive
> or disabling - users can then set permissive if they prefer to.

Note that when I say this, I'm one of the users who might well turn it
off (well, set permissive) again on future installs. I've lived with
SELinux enforcing on F9 for under two weeks and have found it highly
inhibitive to performing many regular everyday tasks I'm used to.

I wasted about 6 hours on Sunday evening[0] figuring out why an SELinux
policy update in F9 had randomly stopped VPNC from working in a policy
update - that came following days of denials trying to do even simple
stuff. I can't possibly see how thrusting this default upon masses of
otherwise unsuspecting users is a good idea. I'm not saying SELinux
isn't a fantastic idea in certain cases, just not on "the desktop".

Dan, et al, no offense, but we need the option to come back :)

Jon.

[0] It had been almost ten years since I last read through all that
documentation. So although I learned a lot about our current policy, and
what has changed over the years in SELinux, so that I could understand
the current targeted policy source, this isn't something regular Fedora
users should have to do in order to be using their computers :)