Request to re-add option to disable SELinux
Stewart Adam
maillist at diffingo.com
Thu Jul 3 18:47:10 UTC 2008
On Thu, 2008-07-03 at 12:52 -0400, Casey Dahlin wrote:
> This is about the 950th "SELinux ate my baby, let's turn it off" thread.
> What's supposed to be different THIS time?
>
> --CJD
Nothing. But all these threads have summed up two major points:
* New users don't know what SELinux is, does, or why their app isn't working or has stopped
working. Moreover, many more users don't know how to find the source of the problem and
report it. So overall that makes Fedora look broken in _stable releases_.
* SELinux is an important aspect to security on a Linux PC and it _will not_ be disabled on
new installs. If it's broken, then it's the solution isn't to disable SELinux but to fix the
bug in the policy.
If we could get the documentation for setroubleshoot online, I'd be interested in helping write a
plugin that allowed users to report audit denials similar to how kerneloops does. setroubleshoot then
bridges the gap between new users and fixing the policy, and it could be done with stats to see what
areas need work on. Naturally it would only report the denials the user requests to be submitted,
so no "calling home" stuff.
Stewart
More information about the fedora-devel-list
mailing list