Request to re-add option to disable SELinux - compromise

[jeff]

Rahul Sundaram wrote:
> jeff wrote:
>> Well, that's a broad policy. I'm just talking about the ability to 
>> disable it, not removing it altogether or whatever.
> 
> That wasn't clear from your reference to the bugzilla report which was 
> very specifically due to the interactions between swfdec being installed 
> by default and issues with SELinux policy which has subsequently been 
> fixed.

I'm not trying to talk about swfdec *AT ALL*. I referenced that bug report to 
show that even Linus Torvalds himself typically disables selinux (along with 
probably hundreds of thousands of other people).

>> I'm not talking about regular users. I'm talking about users that also 
>> use things like reiserfs/jfs/xfs/etc. and *know* they don't want selinux.
> 
> All filesystems that support extended attributes including the above 
> does support SELinux too so that choice shouldn't matter much. If users 
> prefer to disable it for other reasons, that should be supported which 
> the RFE you filed should cover.

Sorry I'm not being very clear.

I'm not trying to talk about how those filesystems and selinux interact.

I was merely pointing out reiserfs/jfs/xfs since they are supported in a 
similar way that I think disabling selinux could be supported. I simply meant, 
"Hey, there are obscure filesystem setups which are supported for power users 
via the 'boot:' line--we could do something similar with selinux".



But the proposal is getting confused with these side topics.


The proposal is simply to satisfy the people that want SELinux by default and 
the people that don't want SELinux at install time.  It meets the needs of both 
with minimal changes to fedora.


-Jeff