Request to re-add option to disable SELinux

Simo Sorce ssorce at redhat.com
Fri Jul 4 18:34:38 UTC 2008


On Fri, 2008-07-04 at 22:45 +0500, Suren Karapetyan wrote:
> The option to disable SELinux didn't create problems for anyone.
> Experienced users knew what to do. And people not knowing what it is
> just clicked 'Next'.

Wrong, it added yet another annoying mysterious choice for everybody. 

You have all the tools to disable it later, it's not like we took away
the possibility to disable it, we just don't ask for it at installation
like we do not ask for a gazillion other configuration options at
installation time.

Everyone has some specific setting they change from the default right
after installation, should everyone get an option for it into the
install screen?

Let's be less selfish guys and look at the bigger picture.

If you know you don't need SELinux for whatever reason you can simply
disable it after installation (or in kickstart if you do automated
installations).

If you are a Fedora developer and disable it by default to "develop"
packages then I honestly think you are poorly executing your task.
You should set it to permissive only when you get some "access denied"
problem while testing the specific changes, and as soon as you are happy
with it and ready to push a new package, you should FIRST set SELinux
back to Enabled and (working with Dan if necessary) make sure your
package passes all your tests again.
Not doing so, you are doing a disservice to the Fedora community,
because if you don't test with SELinux on then you don't know if your
stuff will work with it enabled, and you will create a bad experience
for other developers and users.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the fedora-devel-list mailing list