[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux



Jon Masters wrote:
On Wed, 2008-07-02 at 18:29 -0700, Andrew Farris wrote:
Jon Masters wrote:
On Wed, 2008-07-02 at 17:16 -0400, Alan Cox wrote:
SELinux should be disablable is the wrong discussion. The discussion you should
be having is "I've filed a few bugs where SELinux didn't magically do the right
thing, how do we fix them and can we make these less likely to occur in future"
I think the only way to "fix" it for the foreseeable future is to
simplify policy, so that only a very limited set of services are
confined. Then, when the graphical tools and user experience have
eventually caught up, it'll be trivial to switch policy again.
selinux-policy-targeted is precisely that.

Or more precisely, it would like to be that. Abrupt, single line replies
like the above amuse me perhaps more than they should, because they
carry the implication that I didn't actually consider what is currently
implemented in Fedora before sending my original mail ;)

Anyway. I've tried to make my point, I'm done now :)

I apologize for the brevity then, but having read your previous mails it seemed quite clear you hadn't looked at what targeted policy is when asking for it. If there are specific situations, or policy bugs, or services you feel shouldn't be confined under targeted policy it might make sense... but asking for a limited set of services when it exists is just about as confounded as you can get. I meant (and still mean) no offense, but if you want more thoughtful comments it would help to be more clear about what you have and haven't already learned about the situation.

--
Andrew Farris <lordmorgul gmail com> www.lordmorgul.net
 gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]