Request to re-add option to disable SELinux

Doug Ledford dledford at redhat.com
Wed Jul 2 20:58:41 UTC 2008


On Wed, 2008-07-02 at 16:39 -0400, Jon Masters wrote:
> On Wed, 2008-07-02 at 16:29 -0400, Matthias Clasen wrote:
> > On Wed, 2008-07-02 at 16:10 -0400, Jon Masters wrote:
> > 
> > > 
> > > *). Tools like nautilus do not support labeling of files via the
> > > right-click properties dialog (gnome VFS, etc.) so there is no easy way
> > > for an end user who even understands part of this to fix context. This
> > > is the number one reason why SELinux should not be enabled by default,
> > > except on systems where there is an admin who can use chcon.
> > 
> > I don't disagree with the general sentiment that selinux is not a very
> > good fit for desktop users as it is today. But nautilus _does_ support
> > labeling of files via the right-click properties dialog.
> 
> It displays the current context. I'm guessing if you're root at the time
> then it probably allows you to change it, but that's not useful until
> there's e.g. a PolicyKit hook that allows regular users to relabel.

Well, that's just incredibly helpful when combined with the whole "you
should never, under any circumstances, run X windows as root" thread of
a few days ago ;-)

-- 
Doug Ledford <dledford at redhat.com>
              GPG KeyID: CFBFF194
              http://people.redhat.com/dledford

Infiniband specific RPMs available at
              http://people.redhat.com/dledford/Infiniband

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080702/fe5f025c/attachment.sig>


More information about the fedora-devel-list mailing list