SELinux removed from desktop cd spin?

Valent Turkovic valent.turkovic at gmail.com
Thu Jan 17 10:07:46 UTC 2008


Arthur Pemberton wrote:
> On Jan 17, 2008 1:40 AM, Valent Turkovic <valent.turkovic at gmail.com> wrote:
>> Warren Togami wrote:
>>> Valent Turkovic wrote:
>>>> Hi,
>>>> I believe that SELinux is a great linux server security hardening tool
>>>> but that has little use in desktop linux usage and it confuses
>>>> ordinary desktop users.
>>>> If it hasn't been discussed before I would like to propose that on
>>>> desktop cd spin SELinux is not installed by default, of course after
>>>> discussion and approval from you (fedora devels).
>>>>
>>>>
>>>> Cheers,
>>>> Valent
>>>>
>>> Also keep in mind that if SELinux break something on the desktop, THAT
>>> is a bug.  Starting before F8 I personally began to use SELinux enabled
>> Well I repoted how SELinux "broke" a mayor Fedora 8 feature. Fluendo
>> codecs don't work even if you buy them. Sure it is SELinux job to
>> disable if software has bugs, but fluendo can't fix it because it is
>> intel compiler bug that they can fix... and so on and on...
>> This is just one example. I disabled SELiux for that bug and now I can
>> play my multimedia. Did my machine blow up? Dig I get OWNED? Am I now
>> asking hacked to come and get me? Are my files being read and deleted
>> randomly by somebody? Did my memory overflow? No, no, no, no.
>> People just want thing to JustWork and SELinux has the stoping power of
>> magnum .44. Sure it is a powefull tool but you are puting it in
>> inexperienced hands and doing more damage to fedora desktop that it
>> gives benefit to users.
> 
> 
> Maybe you should have considered your real request when you wrote the
> original email, since in the title you say 'remove' now you're saying
> disable.
> 

It should be *ATLEAST* disabled by default, and I see more and more 
reason for it not being on cd in the first place.

The space it occupies can be much more used and give much more 
functionality and you sacrifice just one "feature" that hardly anybody 
would miss, and ones that do can easily install it and enable it.

Valent.




More information about the devel mailing list