Request to re-add option to disable SELinux
Andrew Farris
lordmorgul at gmail.com
Thu Jul 3 03:33:24 UTC 2008
Jon Masters wrote:
> On Wed, 2008-07-02 at 18:29 -0700, Andrew Farris wrote:
>> Jon Masters wrote:
>>> On Wed, 2008-07-02 at 17:16 -0400, Alan Cox wrote:
>>>> SELinux should be disablable is the wrong discussion. The discussion you should
>>>> be having is "I've filed a few bugs where SELinux didn't magically do the right
>>>> thing, how do we fix them and can we make these less likely to occur in future"
>>> I think the only way to "fix" it for the foreseeable future is to
>>> simplify policy, so that only a very limited set of services are
>>> confined. Then, when the graphical tools and user experience have
>>> eventually caught up, it'll be trivial to switch policy again.
>> selinux-policy-targeted is precisely that.
>
> Or more precisely, it would like to be that. Abrupt, single line replies
> like the above amuse me perhaps more than they should, because they
> carry the implication that I didn't actually consider what is currently
> implemented in Fedora before sending my original mail ;)
>
> Anyway. I've tried to make my point, I'm done now :)
I apologize for the brevity then, but having read your previous mails it seemed
quite clear you hadn't looked at what targeted policy is when asking for it. If
there are specific situations, or policy bugs, or services you feel shouldn't be
confined under targeted policy it might make sense... but asking for a limited
set of services when it exists is just about as confounded as you can get. I
meant (and still mean) no offense, but if you want more thoughtful comments it
would help to be more clear about what you have and haven't already learned
about the situation.
--
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
More information about the fedora-devel-list
mailing list