[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux



On Fri, 2008-07-04 at 09:59 -0700, Andrew Farris wrote:
> Suren Karapetyan wrote:
> > On Fri, 2008-07-04 at 12:08 +0200, Nils Philippsen wrote:
> >> On Fri, 2008-07-04 at 01:54 +0500, Suren Karapetyan wrote:
> >>> EVERYBODY who used to disable SELinux when the combo-box was there will
> >>> STILL disable it. We didn't get ANYTHING from removing that *feature*.
> >> Please don't confuse features with workarounds. 
> > I need ´╗┐neither SELinux nor encrypted rootfs on my desktop (at least
> > now). So I'm not trying to workaround SELinux related problems. I just
> > don't need it/them.
> 
> I think its unfortunate that so many people believe SELinux is something 'for 
> the server' and not needed 'on the desktop'.  That probably comes from the first 
> policy being deployed for server processes (if my memory serves correctly).  I'm 
> not attacking your own position on this point Suren, but it is hard to 
> understand why you would think this unless not really understanding what SELinux 
> is meant to prevent.
> 
> The core developers working on SELinux have many times said the desktop is 
> precisely where it is most needed, especially confining browsers and plugins.  I 
> think my personal information on my laptop is worth the extra security.
> 
> -- 
> Andrew Farris <lordmorgul gmail com> www.lordmorgul.net
>   gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29
> 

I'm no expert of SELinux, but I do have a good understanding of what it
does (at least currently).
And I agree: it's much more useful on the desktop than (BTW. don't laugh
at me when I mess with then/than) on the server (tune at a bit and it
can prevent social engineering).
But it's not useful to me.
And I understand I'm not the only user and it's OK if I don't like
something, others may like/want/need it.
But Fedora is about Freedom... freedom of choice among others.
And we are making increasingly harder to make non-standard choice.

The option to disable SELinux didn't create problems for anyone.
Experienced users knew what to do. And people not knowing what it is
just clicked 'Next'.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]