Request to re-add option to disable SELinux - compromise

Denis Leroy denis at poolshark.org
Mon Jul 7 16:50:06 UTC 2008


max wrote:
> The last time I looked a computer without internet access is completely 
> useless to the average user. What do you think the majority of people 
> are doing with their computers? playing solitaire? No network card is 
> not the norm. Anyway what's to stop some disgruntled employee from 
> quietly loading a program onto your test box that will have you 
> scratching your head for days because you can't imagine what might be 
> wrong.

I have a media server here with Fedora on it. Just a storage box with 
MP3s on it. It has no direct connectivity to the net, as such it has no 
root password, no firewall and no SELinux. Adding any of these would be 
a complete waste of time and disk space since they offer no protection 
against an intruder with direct physical access and a screwdriver. OTOH, 
the filesystem is encrypted.

I'm not sure what you're arguing for. You're saying security is 
important. I fully agree. You're saying SELinux is important. I fully 
agree. You're saying SELinux should be enabled by default on our Desktop 
installation. I fully agree. Fedora is probably (? does anyone know for 
sure) the only desktop distro that does this by default.

However sabotaging the installer to make it impossible for people to 
disable it at installation, now that's where I say "that doesn't make 
any sense", cf my original email.




More information about the devel mailing list