Request to re-add option to disable SELinux - compromise
jeff
moe at blagblagblag.org
Mon Jul 7 19:37:29 UTC 2008
Rahul Sundaram wrote:
> jeff wrote:
>>> The policy has already been fixed
>>
>> Which policy?
>
> SELinux policy of course. The bug your referenced has more details.
Well, that's a broad policy. I'm just talking about the ability to disable it,
not removing it altogether or whatever. The policy isn't "no one should be able
to disable this" is it? I think not. The current policy is to allow users to
disable it if they want, correct? Currently this is only available
post-install. There are many users that want it at install time too, which was
previously available.
I'm not asking for a change to selinux policy.
>> I didn't mean to drag swfdec into this--I pointed at that bug for this
>> quote (which I should have made more clear):
>
> Developers frequently do turn off on all sort of security measures
> including firewalls just to avoid having to debug such issues. It is not
> very relevant for regular users.
I'm not talking about regular users. I'm talking about users that also use
things like reiserfs/jfs/xfs/etc. and *know* they don't want selinux.
-Jeff
More information about the fedora-devel-list
mailing list