[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux

On Thu, 2008-07-03 at 12:52 -0400, Casey Dahlin wrote:
> This is about the 950th "SELinux ate my baby, let's turn it off" thread. 
> What's supposed to be different THIS time?
> --CJD
Nothing. But all these threads have summed up two major points:

* New users don't know what SELinux is, does, or why their app isn't working or has stopped
  working. Moreover, many more users don't know how to find the source of the problem and
  report it. So overall that makes Fedora look broken in _stable releases_.

* SELinux is an important aspect to security on a Linux PC and it _will not_ be disabled on
  new installs. If it's broken, then it's the solution isn't to disable SELinux but to fix the
  bug in the policy.

If we could get the documentation for setroubleshoot online, I'd be interested in helping write a
plugin that allowed users to report audit denials similar to how kerneloops does. setroubleshoot then
bridges the gap between new users and fixing the policy, and it could be done with stats to see what
areas need work on. Naturally it would only report the denials the user requests to be submitted,
so no "calling home" stuff.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]