Forward looking to FC2 final and SELinux

Jesse Keating jkeating at j2solutions.net
Tue Apr 6 18:59:04 UTC 2004


Is the end strategy still to put out FC2 with SELinux enabled/enforcing?  
I'm struggling with finding good reasons to have SELinux enforcing by 
default on a final release.  I'd like to see SELinux at the most in 
permissive mode, so that things are still labeled, but SELinux is 
preventing the system from working.  With the amount of 3rd party 
software people usually add to their systems, people will end up 
spending more time fighting SELinux (or disabling it themselves) than 
actually using the system.

While SELinux is very cool, and very useful in corner cases of edge 
servers, it's not very cool for workstations, desktops, general 
servers, etc...  During the beta phase it's somewhat cool to have it 
enabled to touch on a VERY large range of hardware/systems, but it's 
turning people away from the OS.  Test2 felt extremely alphaish, and 
with only one more test release in the works, people are beginning to 
seriously doubt the quality of Fedora Core.  FC2 being the first FC 
release to be developed entirely under the "open" policy of the Fedora 
project, it would be nice for it to be solid, and not a steaming pile, 
as it will set the tone for all future FC releases.

In short, I'd urge strongly to have SELinux turned off for the final 
release, and perhaps even for Test3.  Having it there is extremely cool 
for those that will need/want it.  Forcing it upon the rest of the 
world is not wise IMHO.

The option for SELinux should continue to be exposed during the install 
(and kickstarts), but default to off.  Those that know what SELinux is, 
and are capable of managing policies or reporting problems will be able 
to enable it, and click through a big popup warning about SELinux.  
Those users who don't know should be scared off by the popup if they 
make the mouse click to enable SELinux.  It goes with the rest of the 
theme of the distribution.  Power users who are capable of dealing with 
certain features can enable those features themselves.  Non-power users 
should not be forced to learn about something just to be able to turn 
it off or repair their system.

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating


More information about the fedora-devel-list mailing list