Re: Forward looking to FC2 final and SELinux

["Michael A. Peters" <mpeters mac com>]

On Tue, 2004-04-06 at 12:21, Jesse Keating wrote:
> On Tuesday 06 April 2004 12:24, Michael A. Peters wrote:
> > Actually - I think desktops and general servers are where it is the
> > most beneficial. On the desktop, I think it can help prevent the
> > spread of worms from people who turn their firewall off, play with
> > sendmail, and don't patch. For the general servers, it helps prevent
> > compromise of one service from impacting another.
> 
> General servers maybe.  Workstations, where users add a plethora of 
> third party software, almost all of it w/out any SELinux support 
> (policy additions), can quickly become a mess, with the user usually 
> just turning off SELinux completely rather than deal with the headache.

I see the point.
Perhaps the Fedora Packaging guidelines should be updated to deal with
this scenario so that third party packagers can fix their packages to
work with SELinux.

> 
> Sure it's an option, but (non scientific) studies have shown that the 
> defaults are what are used most often.  My recommendation was to keep 
> it as an option during the install, but leave the default as off.

I suspect even scientific studies would show the defaults are what are
used most often.

It definitely should be either permissive or off for the Workstation
button. IMHO.

-- 
Cheap Linux CD's - http://mpeters.us/linux/