On 07/07/2010 03:55 PM, Martin Sourada wrote:
On Wed, 2010-07-07 at 08:42 -0400, Paul W. Frields wrote:
> On Wed, Jul 07, 2010 at 09:48:11AM +0300, Nicu Buculei wrote:
>> I would
>> *never* recommend that to a newbie or non-security conscious user (as
>> the designers are presumed to be). So we must have SELinux installed and
>> active by default.
> I think these changes are due to both the excellent maintenance of
> policy by Dan Walsh and others, and also more effective communication
> about the benefits of SELinux.
I'd second that. I remember some years ago SELinux on desktop was
practically unusable -- lots of problems, applications stopping to work
because of it -- but now, I have SELinux turned on in enforcing mode and
everything works without issues. One thing that bugs me though, is that
the troubleshoot applet is slow like hell (and I still have some
wrongly-labeled directories from the olden times which I slowly relabel
anytime a SELinux denial pops up...) :-D
So we have an agreement SELinux must stay on the spin.
nicu :: http://nicubunu.ro