Request to re-add option to disable SELinux

Suren Karapetyan surenkarapetyan at gmail.com
Fri Jul 4 17:45:11 UTC 2008 

On Fri, 2008-07-04 at 09:59 -0700, Andrew Farris wrote:
> Suren Karapetyan wrote:
> > On Fri, 2008-07-04 at 12:08 +0200, Nils Philippsen wrote:
> >> On Fri, 2008-07-04 at 01:54 +0500, Suren Karapetyan wrote:
> >>> EVERYBODY who used to disable SELinux when the combo-box was there will
> >>> STILL disable it. We didn't get ANYTHING from removing that *feature*.
> >> Please don't confuse features with workarounds. 
> > I need neither SELinux nor encrypted rootfs on my desktop (at least
> > now). So I'm not trying to workaround SELinux related problems. I just
> > don't need it/them.
> 
> I think its unfortunate that so many people believe SELinux is something 'for 
> the server' and not needed 'on the desktop'.  That probably comes from the first 
> policy being deployed for server processes (if my memory serves correctly).  I'm 
> not attacking your own position on this point Suren, but it is hard to 
> understand why you would think this unless not really understanding what SELinux 
> is meant to prevent.
> 
> The core developers working on SELinux have many times said the desktop is 
> precisely where it is most needed, especially confining browsers and plugins.  I 
> think my personal information on my laptop is worth the extra security.
> 
> -- 
> Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
>   gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29
> 

I'm no expert of SELinux, but I do have a good understanding of what it
does (at least currently).
And I agree: it's much more useful on the desktop than (BTW. don't laugh
at me when I mess with then/than) on the server (tune at a bit and it
can prevent social engineering).
But it's not useful to me.
And I understand I'm not the only user and it's OK if I don't like
something, others may like/want/need it.
But Fedora is about Freedom... freedom of choice among others.
And we are making increasingly harder to make non-standard choice.

The option to disable SELinux didn't create problems for anyone.
Experienced users knew what to do. And people not knowing what it is
just clicked 'Next'.

More information about the fedora-devel-list mailing list