[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux - compromise



jeff wrote:
Peter Jones wrote:
 > Does the system boot up correctly afterwards?

Yes, assuming the "Starting in permissive mode" is correct.

That seems to match all the important criteria -- it doesn't enforce the permissions scheme on you. It doesn't get "in the way".

 > What does "getenforce"  say when you run it?

"Disabled"


I don't know what the ramifications are, but it definitely has different behaviour if you disable using selinux=0 than if you don't. I see no reason why it should be loaded, initialized, etc. if it isn't wanted.

We're not stopping you from setting it to disabled in the config file, we're just not helping you do so, either. Really, permissive is good enough here. If you're really /actively/ concerned about it, the barrier to disabling it completely is very low. If you're not, permissive is enough.

Since this seems to work, I don't think we'll be making any further changes in anaconda to support this fringe use case.

--
  Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]