Forward looking to FC2 final and SELinux
Michael A. Peters
mpeters at mac.com
Tue Apr 6 19:24:32 UTC 2004
On Tue, 2004-04-06 at 11:59, Jesse Keating wrote:
>
> While SELinux is very cool, and very usefull in corner cases of edge
> servers, it's not very cool for workstations, desktops, general
> servers, etc...
Actually - I think desktops and general servers are where it is the most
beneficial. On the desktop, I think it can help prevent the spread of
worms from people who turn their firewall off, play with sendmail, and
don't patch. For the general servers, it helps prevent compromise of one
service from impacting another.
I think the reason the current setting is enforce is because it needs to
have everything ironed out. It is an install option, though - so it's
not like it would be forced on anyone.
I am willing to bet that the default for worsktation installs will be
permissive. Just a hunch I got.
>
> In short, I'd urge strongly to have SELinux turned off for the final
> release, and perhaps even for Test3. Having it there is extremely cool
> for those that will need/want it. Forcing it upon the rest of the
> world is not wise IMHO.
I agree it should be permissive default for workstation install.
But not for test3 - test3 is a test release.
--
Cheap Linux CD's - http://mpeters.us/linux/
More information about the fedora-devel-list
mailing list