Request to re-add option to disable SELinux

[James Morris]

On Sat, 5 Jul 2008, Suren Karapetyan wrote:

> SELinux isn't just a specific setting... It's a bit too big.
> It's a feature 38.7% of systems in smolt have disabled...
> Removing that combobox is like telling this 38.7% (203150) 
> "know what... the other 61.3% (321879) don't like *seeing* choice of
> disabling SELinux during install... You'll have to do it after install."

Don't believe everything you read.  The 61.3% figure is probably lower 
than the real figure (by quite a lot) because many systems reported in 
before SELinux was part of the smolt stats and are counted as "disabled".

(It would be nice to have a disclaimer on that page...)



> > 
> > Let's be less selfish guys and look at the bigger picture.
> That's what I do. :)
> > 
> > If you know you don't need SELinux for whatever reason you can simply
> > disable it after installation (or in kickstart if you do automated
> > installations).
> > 
> > If you are a Fedora developer and disable it by default to "develop"
> > packages than I honestly think you are poorly executing your task.
> > You should set it to permissive only when you get some "access denied"
> > problem while testing the specific changes, and as soon as you are happy
> > with it and ready to push a new package, you should FIRST setÿÿ SELinux
> > back to Enalbled and (working with Dan if necessary) make sure your
> > package pass again all your tests.
> > Not doing so you are making a disservice to the Fedora community,
> > because if you don't test with SELinux on then you don't know if your
> > stuff will work with it enabled, and you will create a bad experience
> > for other developers and users.
> Agree. It's like building a package and not checking if it works on
> x86...
> But I'm not a Fedora developer (yet).
> > 
> > Simo.
> > 
> > -- 
> > Simo Sorce * Red Hat, Inc * New York
> > 
> 
> 

-- 
James Morris
<jmorris at namei.org>