Selinux and Compiz
Bruno Wolff III
bruno at wolff.to
Mon Oct 27 14:14:29 UTC 2008
On Sun, Oct 26, 2008 at 13:39:40 -0500,
Jerry Amundson <jamundso at gmail.com> wrote:
>
> I repeat. I think disabled is the best option for the largest
> audience. Overall, the majority of time spent re-labeling occurs when
> we disable selinux in firstboot.
FYI, when you disable selinux a relabel doesn't occur. It's just that
processes stop properly labelling new files, so that if you turn selinux
back on (even in permissive mode), all files on the system need to be checked
to make sure they are properly labelled.
> No selinux. No problems. Everything else that needs to be logged gets logged.
The logs from selinux can be useful even in permissive mode and include
information that is not included in other logs. Whether or not they are
useful often enough to justify the overhead by default is something reasonably
debated.
More information about the fedora-test-list
mailing list