Request to re-add option to disable SELinux

Suren Karapetyan surenkarapetyan at gmail.com
Fri Jul 4 19:19:14 UTC 2008


On Fri, 2008-07-04 at 14:34 -0400, Simo Sorce wrote:
> On Fri, 2008-07-04 at 22:45 +0500, Suren Karapetyan wrote:
> > The option to disable SELinux didn't create problems for anyone.
> > Experienced users knew what to do. And people not knowing what it is
> > just clicked 'Next'.
> 
> Wrong, it added yet another annoying mysterious choice for everybody. 
And because of that "annoying mysterious choice" "everybody" just
couldn't install Fedora cause they didn't know what to do (i.e. click
Next)
That's the most horrible direction of reasoning.
With that we can easily remove every option from installation process.
(What's the point in asking what packages You want... You can
install/remove later... What's the point in changing default
partitioning... it's OK).
> 
> You have all the tools to disable it later, it's not like we took away
> the possibility to disable it, we just don't ask for it at installation
> like we do not ask for other gazzilion configuration option at
> installation time.
We're just make it harder to disable.
And we're doing it cause non-technical people don't like seeing
something they don't understand (and if You're not technical it will
happen quite often when working with PCs)
> 
> Everyone have some specific setting they change for the default right
> after installation, should everyone get an option for it into the
> install screen?
SELinux isn't just a specific setting... It's a bit too big.
It's a feature 38.7% of systems in smolt have disabled...
Removing that combobox is like telling this 38.7% (203150) 
"know what... the other 61.3% (321879) don't like *seeing* choice of
disabling SELinux during install... You'll have to do it after install."
> 
> Let's be less selfish guys and look at the bigger picture.
That's what I do. :)
> 
> If you know you don't need SELinux for whatever reason you can simply
> disable it after installation (or in kickstart if you do automated
> installations).
> 
> If you are a Fedora developer and disable it by default to "develop"
> packages than I honestly think you are poorly executing your task.
> You should set it to permissive only when you get some "access denied"
> problem while testing the specific changes, and as soon as you are happy
> with it and ready to push a new package, you should FIRST set SELinux
> back to Enalbled and (working with Dan if necessary) make sure your
> package pass again all your tests.
> Not doing so you are making a disservice to the Fedora community,
> because if you don't test with SELinux on then you don't know if your
> stuff will work with it enabled, and you will create a bad experience
> for other developers and users.
Agree. It's like building a package and not checking if it works on
x86...
But I'm not a Fedora developer (yet).
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 




More information about the fedora-devel-list mailing list