Request to re-add option to disable SELinux - compromise

Daniel J Walsh dwalsh at redhat.com
Wed Jul 9 19:34:11 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ralf Corsepius wrote:
> On Wed, 2008-07-09 at 11:04 -0400, Daniel J Walsh wrote:
> 
>> So this bug will happen whenever SELinux was disabled.
> Note: This bug ... provided the fact SELinux is not transparent ... can
> you exclude other cases?
> 
>>   Whether or not
>> you disabled it during install or post install.  So your example of why
>> SELinux needs to be able to be disabled in Anaconda is flawed.
> May-be, may-be not, ... I may be wrong in this particular case, but
> otherwise I disagree with you - I regret having to say this, but I've
> been too often hit issues with SELinux-policies in all the years SELinux
> is in Fedora to have grant it much trust.
> 
Yes, I understand this.  And if bugs/problems in the past cause you to
not run with SELinux, that is fine.  But you have not given an example
of why having/not having the option in Anaconda changes this.
> Anyway, another case: SELinux's run-time memory consumption is too big
> for some classes of (low end) HW.
> 
For low end hardware you will probably need to do custom install
anyways.  But
> Related to it: I had experienced cases where selinux-policy updates took
> hours and occasionally caused kernel oops'es.
> 
Depending on the size of a system if it needed to relabel a  major
portion it could take a very long time.  Kernel oopses are regrettable.
> Ralf
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh1ErIACgkQrlYvE4MpobOdUACgwIIIJNoptR7llUqHEmaSVi6X
vZsAoJNvOMmlGIBXd2i0ajll9rHMrmAU
=/HDX
-----END PGP SIGNATURE-----




More information about the fedora-devel-list mailing list