SELinux last straw
Chris G
cl at isbd.net
Fri Oct 19 09:26:10 UTC 2007
On Fri, Oct 19, 2007 at 09:04:24AM +0930, Tim wrote:
> On Thu, 2007-10-18 at 16:45 +0100, Chris G wrote:
> > I didn't even install it but I still get SELinux security messages in
> > my log file. I suspect that "turning it off" will have even less
> > effect than not installing it to start with.
>
> Why do you jump to that conclusion? I have other installed software
> that's usually turned off, it does nothing unless run. I don't expect a
> disabled SELinux to be any different.
>
But it is, it runs and outputs messages in my logs which say that it
has stoppped some things which would otherwise have happened (apache
access to some files if I remember).
OK, this isn't actually 'running' it but from a users point of view
it's no different. If, when asked if I want X installed I say no and
then later I see in my logs 'X has done something', what else am I to
conclude.
As I said before I think it's more of an issue of education and
documentation and wording. When the installation process asks if I
want SELinux or not it should maybe be asking if I want certain
SELinux functions to operate rather than whether I do or don't want it
as a whole.
> You did install it, you can't avoid it. You don't have to use it,
> though.
>
Yes, OK, but that's not what it sounds like when you say 'No thank
you' during the installation process.
--
Chris Green
More information about the fedora-list
mailing list