SELinux should be off by default in FC3

[Stephen Smalley]

On Thu, 2004-10-07 at 09:52, Jeff Spaleta wrote:
> Education about needing to be aware of the contexts now is one issue,
> but we are going to definitely need to expose the security context
> information in the tools most people use to check file properties if
> we want it to be easy to deal with.  I know ls in rawhide exposes the
> contexts via -Z but I haven't poked around with nautilus to see if
> security context information is exposed there. And of course having
> nautilus be able to run the restorecon via a right click menu entry on
> a directory or file is going to be needed for smooth operation for a
> segment of the userbase.

Good ideas, please submit an RFE.  AFAIK, nautilus doesn't know about
security contexts at all.

> And are there any tools aimed at helping users figure out what file
> security context settings are needed for specific service/daemons?

Ideally, they only need to run restorecon on the path, and restorecon
will fetch the proper security context from the file_contexts
configuration and apply it.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency