Request to re-add option to disable SELinux - compromise

Peter Jones pjones at redhat.com
Mon Jul 14 15:39:53 UTC 2008


jeff wrote:
> Peter Jones wrote:
>  > Does the system boot up correctly afterwards?
> 
> Yes, assuming the "Starting in permissive mode" is correct.

That seems to match all the important criteria -- it doesn't enforce the 
permissions scheme on you.  It doesn't get "in the way".

>  > What does "getenforce"  say when you run it?
> 
> "Disabled"
> 
> 
> I don't know what the ramifications are, but it definitely has different 
> behaviour if you disable using selinux=0 than if you don't. I see no 
> reason why it should be loaded, initialized, etc. if it isn't wanted.

We're not stopping you from setting it to disabled in the config file, 
we're just not helping you do so, either.  Really, permissive is good 
enough here.  If you're really /actively/ concerned about it, the 
barrier to disabling it completely is very low.  If you're not, 
permissive is enough.

Since this seems to work, I don't think we'll be making any further 
changes in anaconda to support this fringe use case.

-- 
   Peter




More information about the devel mailing list