Request to re-add option to disable SELinux
Jon Masters
jonathan at jonmasters.org
Wed Jul 2 21:16:26 UTC 2008
On Wed, 2008-07-02 at 17:13 -0400, Alan Cox wrote:
> On Wed, Jul 02, 2008 at 04:37:48PM -0400, Jon Masters wrote:
> > I wasted about 6 hours on Sunday evening[0] figuring out why an SELinux
> > policy update in F9 had randomly stopped VPNC from working in a policy
> > update - that came following days of denials trying to do even simple
> > stuff. I can't possibly see how thrusting this default upon masses of
> > otherwise unsuspecting users is a good idea. I'm not saying SELinux
> > isn't a fantastic idea in certain cases, just not on "the desktop".
>
> The desktop is where it is most needed.
Yes, in a perfect world in which policy and reality were so well aligned
that everything just worked, all of the time.
> But here is a silly question - why are you using vpnc if you turn SELinux off,
> telnet would be faster too ?
I didn't turn SELinux off. I'm forcing myself to use it in enforcing
mode, and I will continue to do so. But I think it's absolutely nuts to
expect the average Fedora desktop user to do so :)
Jon.
More information about the fedora-devel-list
mailing list