[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux - compromise

Hash: SHA1

Ralf Corsepius wrote:
> On Wed, 2008-07-09 at 11:04 -0400, Daniel J Walsh wrote:
>> So this bug will happen whenever SELinux was disabled.
> Note: This bug ... provided the fact SELinux is not transparent ... can
> you exclude other cases?
>>   Whether or not
>> you disabled it during install or post install.  So your example of why
>> SELinux needs to be able to be disabled in Anaconda is flawed.
> May-be, may-be not, ... I may be wrong in this particular case, but
> otherwise I disagree with you - I regret having to say this, but I've
> been too often hit issues with SELinux-policies in all the years SELinux
> is in Fedora to have grant it much trust.
Yes, I understand this.  And if bugs/problems in the past cause you to
not run with SELinux, that is fine.  But you have not given an example
of why having/not having the option in Anaconda changes this.
> Anyway, another case: SELinux's run-time memory consumption is too big
> for some classes of (low end) HW.
For low end hardware you will probably need to do custom install
anyways.  But
> Related to it: I had experienced cases where selinux-policy updates took
> hours and occasionally caused kernel oops'es.
Depending on the size of a system if it needed to relabel a  major
portion it could take a very long time.  Kernel oopses are regrettable.
> Ralf

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]