On 25 January 2016 at 14:28, Tim ignored_mailbox@yahoo.com.au wrote:
Allegedly, on or about 25 January 2016, bruce sent:
I fully get the need for security.. But if I can't get the security working as it should, but I still need to build whatever the project might be.. the project is going to get created.
If running Selinux in permissive mode is enough, great, so be it.
SELinux in permissive mode is *not* secure. You're using the computer in an insecure mode, and all SELinux is doing is logging the things that it would have stopped.
I have actually once seen permissive mode preventing login, IIRC this was something to do with PackageKit doing its own context based checks.
As for the rest though, Miroslav's reply is spot on, if there are specific problems or issues then get help from the selinux list to sort them out, but the policy setup and tools are mature enough at this point that it's rare. If Bruce is really concerned, run permissive, check there's no alerts coming up then switch to enforcing. Worst that happens is you have to kill that instance because you lose access, and like I've said I think that's hard to do. It's not something that's suddenly going to kick you out during operation in any normal circumstance.