Request to re-add option to disable SELinux - compromise

[Denis Leroy]

max wrote:
> Denis Leroy wrote:
>> max bianco wrote:
>>> Can an option to completely disable the ability to disable SELinux be
>>> added? I'd rather there was no way to turn it off at all.
>>
>> that doesn't make *any* sense
>>
> It make as much sense as the rest of this thread and what it proposes. 
> Yes I realize this is extreme but no more extreme in my view than 
> disabled by default or offering the option at install time. There is 
> already a way to disable it if you know enough and if you don't then you 
> need it on anyway. For crying out loud my girlfriend uses Fedora, her 
> use is much closer to average than any of the rest of us and SELinux has 
> *never* caused her a problem. My mother, as computer illiterate as they 
> come( no disrespect intended Mom) does not have any problems. This 
> conversation is pointless, I see a hundred posts about people 
> complaining about people discussing things like the GPL on a developer's 
> list, a subject quite relevant in my view, but when the idea of 
> disabling practically the only security present on the system is brought 
> up , it actually gets entertained? Disable it?!?What?!? It seems to me 
> that entirely too many people have their priorities seriously out of 
> whack.

you are COMPLETELY missing the point. In some context, security is 
irrelevant. Like that Fedora system we use in our lab at work for 
bringup testing: it doesn't even have a network card.

some people thing that criticizing SELinux installation policy (not 
SELinux itself mind you, which is a useful thing) == saying "security is 
not important". This is ridiculous.

The only scenario I can think of where SELinux disabled installation 
would be forcefully prohibited would be, say, a custom Fedora spin 
targeted at employees or students where you don't want some smart guy to 
disable it (because that would mean your job)...