Request to re-add option to disable SELinux - compromise
Robert Nichols
rnicholsNOSPAM at comcast.net
Thu Jul 10 00:44:01 UTC 2008
jeff wrote:
>> One question nobody has been able to answer to my satisfaction yet: Why
>> would it be essential that SELinux can be disabled from the installer
>> vs. from the installed system? Last time I checked, the plan was to get
>> non-essential functionality out of anaconda.
>
> Essential may be a bit strong, but it may be "convenient". As I
> understand it, if you boot the install CD with selinux=0 the filesystem
> wont get labelled, making the install faster (and possibly less space?).
> I'd like to confirm that though.
>
> Post install it would require an additional reboot to disable it, unless
> you disabled it at boot: prompt.
>
>
> My previous suggestion seems to easily solve this for everyone involved
> though.
>
> 1) User types: "selinux=0" at boot: prompt of CD
>
> 2) anaconda parses this and installs without selinux, passing
> "selinux=0" to grub
>
> 3) First boot up, selinux is already disabled (ala selinux=0 passed via
> grub)
>
>
>
> The benefits are that people that do want SELinux are never confronted
> with extra dialog boxes, power users that want to disable it have an
> easy way to do so, and no rebooting and such ala windoz95.
>
> The only thing missing for this is to have anaconda pass "selinux=0" to
> grub. It already supports the rest. It would require a 1 or two line
> patch to anaconda:
>
> anaconda.id.bootloader.args.append("selinux=0")
>
>
> In other words, if you pass selinux=0 to anaconda install, it currently
> does *not* get passed to grub. It should, IMHO, and I don't see why it
> can't/shouldn't.
Anaconda already allows you to add arbitrary kernel parameters when
configuring the bootloader. I always add "vga=791" and "selinux=0".
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the fedora-devel-list
mailing list