SElinux on upgraded machines

Chuck Anderson cra at WPI.EDU
Fri Dec 12 14:21:56 UTC 2008


On Fri, Dec 12, 2008 at 06:21:08AM -0500, Leam Hall wrote:
> On Fri, 2008-12-12 at 02:21 -0800, Mike Cloaked wrote:
> > I would like to raise an issue concerning the use of SElinux that has meant
> > that my decision to leave SElinux enabled and forcing in F9 and 10 for the
> > first time has taken up a significant amount of time to get things working.
> > It is very good to have the additional security that SElinux gives but it is
> > important to pland and manage the transition from non-SElinux systems to a
> > newer setup where the machines are all running with SElinux enabled.
> 
> So far I've avoided the issue by turning SELinux off. While I think
> SELinux is a great idea for advanced users and servers it seems to make
> new user transitions difficult. 
> 
> I wonder if making SELinux default to "disabled" if the install selects
> the Desktop/Office Suite group makes sense? Do many people have their
> daily use productivity machines shared out to others? 

No, this would be bad.  Fresh installs of F9 or F10 work just fine 
with SELinux enabled as a desktop system, as long as you don't try to 
integrate older filesystems or NFS as the OP stated.  Even /home 
migrates cleanly with just a simple restorecon -R /home in most cases.




More information about the fedora-test-list mailing list