Forward looking to FC2 final and SELinux
Jesse Keating
jkeating at j2solutions.net
Tue Apr 6 18:59:04 UTC 2004
Is the end strategy still to put out FC2 with SELinux enabled/enforcing?
I'm struggling with finding good reasons to have SELinux enforcing by
default on a final release. I'd like to see SELinux at the most in
permissive mode, so that things are still labeled, but SELinux is
preventing the system from working. With the amount of 3rd party
software people usually add to their systems, people will end up
spending more time fighting SELinux (or disabling it themselves) than
actually using the system.
While SELinux is very cool, and very usefull in corner cases of edge
servers, it's not very cool for workstations, desktops, general
servers, etc... During the beta phase it's somewhat cool to have it
enabled to touch on a VERY large range of hardware/systems, but it's
turning people away from the OS. Test2 felt extremely alphaish, and
with only one more test release in the works, people are beginning to
seriously doubt the quality of Fedora Core. FC2 being the first FC
release to be developed entirely under the "open" policy of the Fedora
project, it would be nice for it to be solid, and not a steaming pile,
as it will set the tone for all future FC releases.
In short, I'd urge strongly to have SELinux turned off for the final
release, and perhaps even for Test3. Having it there is extremely cool
for those that will need/want it. Forcing it upon the rest of the
world is not wise IMHO.
The option for SELinux should continue to be exposed during the install
(and kickstarts), but default to off. Those that know what SELinux is,
and are capable of managing policies or reporting problems will be able
to enable it, and click through a big popup warning about SELinux.
Those users who don't know should be scared off by the popup if they
make the mouse click to enable SELinux. It goes with the rest of the
theme of the distribution. Powerusers to are capable of dealing with
certain features can enable those features themselves. Non-power users
should not be forced to learn about something just to be able to turn
it off or repair their system.
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040406/68b76dd9/attachment.sig>
More information about the fedora-devel-list
mailing list