Request to re-add option to disable SELinux - compromise
Denis Leroy
denis at poolshark.org
Mon Jul 7 14:39:20 UTC 2008
max wrote:
> Denis Leroy wrote:
>> max bianco wrote:
>>> Can an option to completely disable the ability to disable SELinux be
>>> added? I'd rather there was no way to turn it off at all.
>>
>> that doesn't make *any* sense
>>
> It make as much sense as the rest of this thread and what it proposes.
> Yes I realize this is extreme but no more extreme in my view than
> disabled by default or offering the option at install time. There is
> already a way to disable it if you know enough and if you don't then you
> need it on anyway. For crying out loud my girlfriend uses Fedora, her
> use is much closer to average than any of the rest of us and SELinux has
> *never* caused her a problem. My mother, as computer illiterate as they
> come( no disrespect intended Mom) does not have any problems. This
> conversation is pointless, I see a hundred posts about people
> complaining about people discussing things like the GPL on a developer's
> list, a subject quite relevant in my view, but when the idea of
> disabling practically the only security present on the system is brought
> up , it actually gets entertained? Disable it?!?What?!? It seems to me
> that entirely too many people have their priorities seriously out of
> whack.
you are COMPLETELY missing the point. In some context, security is
irrelevant. Like that Fedora system we use in our lab at work for
bringup testing: it doesn't even have a network card.
some people thing that criticizing SELinux installation policy (not
SELinux itself mind you, which is a useful thing) == saying "security is
not important". This is ridiculous.
The only scenario I can think of where SELinux disabled installation
would be forcefully prohibited would be, say, a custom Fedora spin
targeted at employees or students where you don't want some smart guy to
disable it (because that would mean your job)...
More information about the fedora-devel-list
mailing list