Request to re-add option to disable SELinux

Sat Jul 5 16:43:20 UTC 2008

On Sat, 2008-07-05 at 11:43 -0400, Alan Cox wrote:
> On Sat, Jul 05, 2008 at 02:03:24AM +0500, Suren Karapetyan wrote:
> > > That's meaningless. What percentage of those systems are running with
> > > the correct choice for their system ?
> > > 
> > That's a classic case of deciding what's best for the user instead of
> > asking him...
> 
> No. That was not the question I asked. I asked what percentage of those systems
> are running the correct choice for the system.
> 
> The point I'm trying to make is that most users have no idea what the correct
> risk/convenience trade off is for their system. They do not have the information
> or take the time to think systemically about it and make an informed decision.
> 
> You can give users all the choice in the world but if they are confronted
> at install time with questions that they do not know the answer to then the
> result is not choice, it is randomness and a feeling of helplessness and
> embarrasment on the part of the user.
> 
> Anyone with sufficient knowledge to make the assesment (and lots without)
> know how to turn it off later.

I fully agree with this line of reasoning.

Let's also try to make an example that should be easy to understand.

A choice must always be (as much as possible) something that the user at
least understand, the user may not care about, but understanding the
question makes him confident he knows what he is doing.

So if I ask: do you prefer apples or oranges ?

The specific user may not care, or may not have a preference, but he
clearly will understand the question and the problem space. In this case
a random choice is acceptable. (For someone that is allergic to oranges
or apples, the question is truly important too, and he knows exactly
what to choose).

Now if I ask: do you prefer foo or bar ?

How can someone answer to this ?
The only choice is random and not only the user feel confused about it,
and helpless, he will also probably feel anxious about what is the right
choice to make.

The SELinux question is like the latter for most people, and although
usually it seem bad to say, we actually know better what is the right
default choice (security over all is most important).
Power users that know what SELinux is, are the only one that would know
how to answer properly and consciously, they can easily make their
choice later and go disable SELinux, like a normal user instead would go
and change the desktop background to his liking.

Security by default is the best choice (and I wouldn't even ask about
the firewall assuming we still do it).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York