SElinux on upgraded machines
Chuck Anderson
cra at WPI.EDU
Fri Dec 12 14:21:56 UTC 2008
On Fri, Dec 12, 2008 at 06:21:08AM -0500, Leam Hall wrote:
> On Fri, 2008-12-12 at 02:21 -0800, Mike Cloaked wrote:
> > I would like to raise an issue concerning the use of SElinux that has meant
> > that my decision to leave SElinux enabled and forcing in F9 and 10 for the
> > first time has taken up a significant amount of time to get things working.
> > It is very good to have the additional security that SElinux gives but it is
> > important to pland and manage the transition from non-SElinux systems to a
> > newer setup where the machines are all running with SElinux enabled.
>
> So far I've avoided the issue by turning SELinux off. While I think
> SELinux is a great idea for advanced users and servers it seems to make
> new user transitions difficult.
>
> I wonder if making SELinux default to "disabled" if the install selects
> the Desktop/Office Suite group makes sense? Do many people have their
> daily use productivity machines shared out to others?
No, this would be bad. Fresh installs of F9 or F10 work just fine
with SELinux enabled as a desktop system, as long as you don't try to
integrate older filesystems or NFS as the OP stated. Even /home
migrates cleanly with just a simple restorecon -R /home in most cases.
More information about the fedora-test-list
mailing list