Re: Request to re-add option to disable SELinux - compromise

Rahul Sundaram wrote:
jeff wrote:
Well, that's a broad policy. I'm just talking about the ability to disable it, not removing it altogether or whatever.

That wasn't clear from your reference to the bugzilla report which was very specifically due to the interactions between swfdec being installed by default and issues with SELinux policy which has subsequently been fixed.

I'm not trying to talk about swfdec *AT ALL*. I referenced that bug report to show that even Linus Torvalds himself typically disables selinux (along with probably hundreds of thousands of other people).

I'm not talking about regular users. I'm talking about users that also use things like reiserfs/jfs/xfs/etc. and *know* they don't want selinux.

All filesystems that support extended attributes including the above does support SELinux too so that choice shouldn't matter much. If users prefer to disable it for other reasons, that should be supported which the RFE you filed should cover.

Sorry I'm not being very clear.

I'm not trying to talk about how those filesystems and selinux interact.

I was merely pointing out reiserfs/jfs/xfs since they are supported in a similar way that I think disabling selinux could be supported. I simply meant, "Hey, there are obscure filesystem setups which are supported for power users via the 'boot:' line--we could do something similar with selinux".

But the proposal is getting confused with these side topics.

The proposal is simply to satisfy the people that want SELinux by default and the people that don't want SELinux at install time. It meets the needs of both with minimal changes to fedora.


