USB thumb drive question... SELinux .. on or off?

ne... akabi at speakeasy.net
Thu Oct 14 12:08:34 UTC 2004


On Oct 13, 2004 at 23:04, Jerone Young in a soothing rage wrote:

[massive top posting rearranged]
>On Wed, 13 Oct 2004 21:42:34 -0400, Jim Cornette
><fct-cornette at sbcglobal.net> wrote:
>> Jerone Young wrote:
>> > One bug today.... another bug tomorrow. Average users could care less
>> > about SELinux, so why have it on, if it's just going to cause
>> > potential issues for average users.
>> >
>> >
>> > On Wed, 13 Oct 2004 11:40:50 -0400, Colin Walters <walters at redhat.com> wrote:
>> >
>> >>On Tue, 2004-10-12 at 14:00 -0500, Jerone Young wrote:
>> >>
>> >>>You know this is why SELinux needs to be off by default. It is just a
>> >>>headache for average users that is not needed. For those who want
>> >>>SELinux (myself being one) we know how to cut it on.
>> >>
>> >>It was just a bug.  Software has bugs.  We make test releases to find
>> >>the bugs and fix them.
>> >>
>> 
>> SELinux is pretty much out of the way for most processes. Since another
>> linux distribution had their website cracked recently, it is a good idea
>> to head off potential attacks before they become a common problem with
>> Linux systems.
>> 
>> If a user wants to disable this feature, the feature is easily disabled
>> using system-config-securitylevel or during the initial installation
>> choices.
>> 
>> This choice might be prompted sort of like the "this is a beta release",
>> and an install anyway prompt. Maybe a prompt stating "SELinux is a
>> security feature that helps protect your system" and a choice for
>> enabling or disabling SELinux.
>I think everyone is missing the point here. If I am an Average User I
>am not running an apache web server. Most people who are not in the
>security community have no idea what SELinux actually does. Most
>system administrators today don't even take advantage of file system
>ACLs. By having SELinux on by default you make simple problems turn
>into big problems that people do not understand. I keep seeing these
>arguments for apache web servers, that seems to be the only program
>that has a usable policy out of the box right now. I hate to break it
>to you guys but most people are trying to use Linux as a Desktop &
>other uses that have nothing to do with apache. For those who know
>what SELinux is they will simply flip on the on switch. But most
>people have no idea, and when it causes problems it just makes solving
>them worse.
I think you need to re-visit the goals and objectives of Fedora. It is
a proving ground for new technology. The first outing of SELinux 
proved to be very difficult to use. This time around, it is very much 
improved. So much so that I now use targeted as my default. As for
those average users, they are going to have to do some learning. We
can make it pleasurable for them. We just have to improve our 
approach.

N.Emile...




More information about the fedora-test-list mailing list