Request to re-add option to disable SELinux - compromise

jeff moe at blagblagblag.org
Wed Jul 9 22:03:48 UTC 2008


> One question nobody has been able to answer to my satisfaction yet: Why
> would it be essential that SELinux can be disabled from the installer
> vs. from the installed system? Last time I checked, the plan was to get
> non-essential functionality out of anaconda.

Essential may be a bit strong, but it may be "convenient". As I understand it, 
if you boot the install CD with selinux=0 the filesystem wont get labelled, 
making the install faster (and possibly less space?). I'd like to confirm that 
though.

Post install it would require an additional reboot to disable it, unless you 
disabled it at boot: prompt.


My previous suggestion seems to easily solve this for everyone involved though.

1) User types: "selinux=0" at boot: prompt of CD

2) anaconda parses this and installs without selinux, passing "selinux=0" to grub

3) First boot up, selinux is already disabled (ala selinux=0 passed via grub)



The benefits are that people that do want SELinux are never confronted with 
extra dialog boxes, power users that want to disable it have an easy way to do 
so, and no rebooting and such ala windoz95.

The only thing missing for this is to have anaconda pass "selinux=0" to grub. 
It already supports the rest. It would require a 1 or two line patch to anaconda:

anaconda.id.bootloader.args.append("selinux=0")


In other words, if you pass selinux=0 to anaconda install, it currently does 
*not* get passed to grub. It should, IMHO, and I don't see why it can't/shouldn't.


-Jeff




More information about the devel mailing list