selinux eradicator?

[Jim Cornette]

Mike McCarty wrote:
> Jim Cornette wrote:
> 
> [snip]
> 
> 
>> SELinux is now active on most computers since it is easier to diagnose 
>> problems, report misbehaving programs in a security sense.
> 
> What do you mean by "most computers"? "Most computers running FC6"?

I don't have any FC6 versions left. They are all up to F7. I don't have 
SELinux active on the development version.
> 
> It would be nice to address the original question, which is
> For those of us who prefer not to install or run SELinux, how can
> we do that easily without leaving Fedora Core Project?

If you do not use SELinux, you will not know whether it has improved in 
manageability and good default policies. I recently started using 
SELinux for F7 but before only set it to permissive.

It is better, so the best idea is to not fight so hard to remove it.

Earlier reasons why I only ran permissive instead of enforcing are below.

- It used to mess up package installation with errors in %pre and %post 
  scriptlets.
- It was too much hassle to set up server programs bcause of it blocking 
intended operations.

Both problems seem to be squashed from at least frequency.

You can disable it and remove associated programs if you choose to. I 
thought it would be worth mentioning that one who did not find value 
with SELinux has converted to preferring SELinux because the SELinux 
Troubleshooter informs you of the problem along with good explanations 
and corrective actions to allow your system to work as you intend it to 
work.

Jim


> 
> Mike