SELinux should be off by default in FC3

[Chris Adams]

Once upon a time, Stephen Smalley <sds at epoch.ncsc.mil> said:
> > For example lftp client understands chmod.   does it understand restorecon?
> 
> Not yet, AFAIK.  Nor will it likely ever if SELinux is disabled by
> default and it remains limited to a very small user community.

That doesn't really have much to do with SELinux being enabled or
disabled; it has more to do with coming up with a standard FTP extension
to handle additional security settings, getting it in an RFC, and
getting software authors to implement it.  It could be done as a SITE
command, but it still needs to be well-specified before anyone would
support it.

The basic fact is that FTP isn't going away for a long time to come.
With things like Kerberos and IPsec or even STARTTLS, FTP doesn't need
to go away.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.