Request to re-add option to disable SELinux - compromise

jeff moe at blagblagblag.org
Mon Jul 7 19:24:56 UTC 2008


Rahul Sundaram wrote:
> jeff wrote:
>>>> But there are numerous other justifications I could give, including my
>>>> personal belief that it's absolutely nuts to thrust SE Linux upon
>>>> unsuspecting Desktop users (who don't know what it is anyway) without
>>>> giving them the choice to turn it off.
>>>
>>> If they don't know what it is, how are they supposed to decide to shut
>>> it off or not?
>>
>> Perhaps by way of a compromise it could be noted in the installation 
>> docs if you want to disable SELinux you should add "linux selinux=0" 
>> to the boot: line of the install CD. This would make the option 
>> available the same way that xfs/reiserfs/jfs are available. The user 
>> isn't confronted with it, but Linus[1] can then easily disable it at 
>> install time.
> 
> The policy has already been fixed

Which policy? The no dialog box in anaconda? I'm not saying it should be 
restored. I'm offering a workaround with *no* dialog box, default installs get 
SELinux, but users that *know* they don't want SELinux still have an option for 
it at install time.

> and swfdec isn't installed by default so there is no need to do that. 

I didn't mean to drag swfdec into this--I pointed at that bug for this quote 
(which I should have made more clear):

torvalds at linux-foundation.org wrote[1]:
"Normally I just turn selinux off"

> It is already documented in the SELinux 
> FAQ now but installation guide can have a reference too.

Well, it would require *slightly* more than just that: like a couple lines in 
anaconda to make sure that selinux=0 got passed to grub.conf. That's it though. 
Very very unobtrusive.

 > File a RFE.

Done.

https://bugzilla.redhat.com/show_bug.cgi?id=454338


-Jeff

[1] https://bugzilla.redhat.com/show_bug.cgi?id=439858#c31




More information about the fedora-devel-list mailing list