How best get rid of SELinux?
Rahul Sundaram
sundaram at fedoraproject.org
Fri Sep 21 06:17:40 UTC 2007
Ralf Corsepius wrote:
>
> If SELinux was transparently working (Which it doesn't on Fedora on many
> situations), nobody would name it "infection".
Pretty much every security solution has had a history of such problems.
I remember back in the days when a firewall used to get very similar
complaints and everyone was suggesting just to turn it off instead
SELinux is a fundamental security paradigm change. It has taken a lot of
effort to get where we are now.
> => This is users complaining about SELinux's usability, based on their
> personal experiences with the Fedora implementation.
Atleast on Mike McCarty's case he has no personal experience with it.
Users have mixed opinions as always.
> If SELinux was such an "terrific and compelling approach", upstream
> Linux and other distros would have adopted it _years ago_ with standing
> ovations - Fact is: Nobody did.
> => This is developers and maintainers having doubts on SELinux.
Sure. Technology changes like this take time. Lilo vs GRUB. Static dev
vs udev as other relatively fundamental changes have also taken time for
distributions to adopt.
SELinux is indeed upstream and a number of distributions have varying
levels of support for it. Both the technology as well as adoption have
only been increasing over time.
Rahul
More information about the fedora-list
mailing list