Request to re-add option to disable SELinux - compromise
Peter Jones
pjones at redhat.com
Mon Jul 14 15:39:53 UTC 2008
jeff wrote:
> Peter Jones wrote:
> > Does the system boot up correctly afterwards?
>
> Yes, assuming the "Starting in permissive mode" is correct.
That seems to match all the important criteria -- it doesn't enforce the
permissions scheme on you. It doesn't get "in the way".
> > What does "getenforce" say when you run it?
>
> "Disabled"
>
>
> I don't know what the ramifications are, but it definitely has different
> behaviour if you disable using selinux=0 than if you don't. I see no
> reason why it should be loaded, initialized, etc. if it isn't wanted.
We're not stopping you from setting it to disabled in the config file,
we're just not helping you do so, either. Really, permissive is good
enough here. If you're really /actively/ concerned about it, the
barrier to disabling it completely is very low. If you're not,
permissive is enough.
Since this seems to work, I don't think we'll be making any further
changes in anaconda to support this fringe use case.
--
Peter
More information about the devel
mailing list