SELinux removed from desktop cd spin?
David Nielsen
david at lovesunix.net
Wed Jan 16 20:57:03 UTC 2008
ons, 16 01 2008 kl. 20:57 +0100, skrev Valent Turkovic:
> Hi,
> I believe that SELinux is a great linux server security hardening tool
> but that has little use in desktop linux usage and it confuses
> ordinary desktop users.
> If it hasn't been discussed before I would like to propose that on
> desktop cd spin SELinux is not installed by default, of course after
> discussion and approval from you (fedora devels).
-infinity
You opt out of security not into it, if SELinux presents a problem in an
otherwise legitimate use case then it's a bug and it should be fixed.
Dan Walsh is normally a very responsive maintainer and bugs get fixed
nearly instantly.
Prevention is better than waiting for a problem to erupt and then
scramble to provide a 0 day patch to every critical bug. In much the
same way as we vaccinate people to avoid illness in the future instead
of just relying on luck and treatment.
All that being said, SELinux is disabled on this box, I run constantly
on an up to date Development and every day uptill a few weeks ago it has
run basically without a problem with SELinux enabled in enforcing mode.
I totally put that on me though because I haven't gotten around to
tracking the issues and filing them.
- David
More information about the fedora-devel-list
mailing list