Request to re-add option to disable SELinux - compromise

Ralf Corsepius rc040203 at freenet.de
Wed Jul 9 15:22:38 UTC 2008


On Wed, 2008-07-09 at 11:04 -0400, Daniel J Walsh wrote:

> So this bug will happen whenever SELinux was disabled.
Note: This bug ... provided the fact SELinux is not transparent ... can
you exclude other cases?

>   Whether or not
> you disabled it during install or post install.  So your example of why
> SELinux needs to be able to be disabled in Anaconda is flawed.
May-be, may-be not, ... I may be wrong in this particular case, but
otherwise I disagree with you - I regret having to say this, but I've
been too often hit issues with SELinux-policies in all the years SELinux
is in Fedora to have grant it much trust.

Anyway, another case: SELinux's run-time memory consumption is too big
for some classes of (low end) HW.

Related to it: I had experienced cases where selinux-policy updates took
hours and occasionally caused kernel oops'es.

Ralf





More information about the fedora-devel-list mailing list