Forward looking to FC2 final and SELinux

Jesse Keating jkeating at j2solutions.net
Tue Apr 6 19:21:54 UTC 2004 

On Tuesday 06 April 2004 12:24, Michael A. Peters wrote:
> Actually - I think desktops and general servers are where it is the
> most beneficial. On the desktop, I think it can help prevent the
> spread of worms from people who turn their firewall off, play with
> sendmail, and don't patch. For the general servers, it helps prevent
> compromise of one service from impacting another.

General servers maybe.  Workstations, where users add a plethora of 
third party software, almost all of it w/out any SELinux support 
(policy additions), can quickly become a mess, with the user usually 
just turning off SELinux completely rather than deal with the headache.

> I think the reason the current setting is enforce is because it needs
> to have everything ironed out. It is an install option, though - so
> it's not like it would be forced on anyone.

Sure it's an option, but (non scientific) studies have shown that the 
defaults are what are used most often.  My recommendation was to keep 
it as an option during the install, but leave the default as off.

> I am willing to bet that the default for worsktation installs will be
> permissive. Just a hunch I got.
>
> > In short, I'd urge strongly to have SELinux turned off for the
> > final release, and perhaps even for Test3.  Having it there is
> > extremely cool for those that will need/want it.  Forcing it upon
> > the rest of the world is not wise IMHO.
>
> I agree it should be permissive default for workstation install.
> But not for test3 - test3 is a test release.

Test3 is the final test (currently) before the final release.  This 
means it's more of a release candidate than a test release.  It should 
mimic exactly what the full release will be like.  How can one test the 
full release if there were no test releases that mimic it exactly?

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040406/03bcf21f/attachment-0002.bin

More information about the devel mailing list