Request to re-add option to disable SELinux - compromise
Callum Lerwick
seg at haxxed.com
Wed Jul 9 14:52:49 UTC 2008
On Wed, Jul 9, 2008 at 4:58 AM, Nils Philippsen <nphilipp at redhat.com> wrote:
> On Mon, 2008-07-07 at 18:50 +0200, Denis Leroy wrote:
>
>> However sabotaging the installer to make it impossible for people to
>> disable it at installation, now that's where I say "that doesn't make
>> any sense", cf my original email.
>
> "Sabotaging"? For crying out loud... there is no immediate need to be
> able to do this at installation time, it can just as well be done
> afterwards (or you can use kickstart to do it).
>
> One question nobody has been able to answer to my satisfaction yet: Why
> would it be essential that SELinux can be disabled from the installer
> vs. from the installed system? Last time I checked, the plan was to get
> non-essential functionality out of anaconda.
Because booting with selinux enabled after installing onto a
filesystem such as reiserfs that doesn't work with selinux results in
epic fail. As in, you can not log in. Though you can get around this
by booting with selinux=0 on the kernel command line...
Though I haven't done this since something like FC6. I migrated to
ext3 so I could use selinux.
And while I'm at it, I'll provide a counterpoint and point out that
I've run all my machines, including my wife's laptop, with selinux
enabled since FC6. I've never, ever run in to any problem. Ever. I
don't know what you people are doing, but you must be doing it wrong.
More information about the devel
mailing list