Request to re-add option to disable SELinux
Nils Philippsen
nphilipp at redhat.com
Sat Jul 5 18:13:36 UTC 2008
On Fri, 2008-07-04 at 15:19 +0500, Suren Karapetyan wrote:
> On Fri, 2008-07-04 at 12:08 +0200, Nils Philippsen wrote:
> > On Fri, 2008-07-04 at 01:54 +0500, Suren Karapetyan wrote:
> > > EVERYBODY who used to disable SELinux when the combo-box was there will
> > > STILL disable it. We didn't get ANYTHING from removing that *feature*.
> >
> > Please don't confuse features with workarounds.
> I need neither SELinux nor encrypted rootfs on my desktop (at least
> now).
Ironically, you'll only ever know whether you really need these two when
it's too late to make any decisions about it ;-).
> So I'm not trying to workaround SELinux related problems. I just
> don't need it/them.
The same could be said about backups, firewalls, file permissions... or
just about anything else that has the potential of standing in your way
if something goes wrong with it.
> > I think it's acceptable
> > to kindly guide people into employing that workaround only if and when
> > they run into problems.
> The border between kindly guiding and forcing is a bit too thin.
Nobody is forcing anybody here, after all you can easily switch it off
after installation. Or rather assist in improving it, even if you're not
entirely convinced of its usefulness for you personally ;-).
On Sat, 2008-07-05 at 02:03 +0500, Suren Karapetyan wrote:
> On Fri, 2008-07-04 at 16:57 -0400, Alan Cox wrote:
> > On Sat, Jul 05, 2008 at 12:19:14AM +0500, Suren Karapetyan wrote:
> [...]
> > SELinux isn't just a specific setting... It's a bit too big.
> > > It's a feature 38.7% of systems in smolt have disabled...
> > > Removing that combobox is like telling this 38.7% (203150)
> > > "know what... the other 61.3% (321879) don't like *seeing* choice of
> >
> > That's meaningless. What percentage of those systems are running with
> > the correct choice for their system ?
> >
> That's a classic case of deciding what's best for the user instead of
> asking him...
"Do you want to reduce the level of protection against malware and
computer criminals?" -- I'd say providing a good level of security by
default is objectively in the best interest of the user. Part of a
developer's job is actually making these decisions.
Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
More information about the fedora-devel-list
mailing list