USB thumb drive question... SELinux .. on or off?

Jerone Young jerone at gmail.com
Thu Oct 14 04:04:44 UTC 2004 

I think everyone is missing the point here. If I am an Average User I
am not running an apache web server. Most people who are not in the
security community have no idea what SELinux actually does. Most
system administrators today don't even take advantage of file system
ACLs. By having SELinux on by default you make simple problems turn
into big problems that people do not understand. I keep seeing these
arguments for apache web servers, that seems to be the only program
that has a usable policy out of the box right now. I hate to break it
to you guys but most people are trying to use Linux as a Desktop &
other uses that have nothing to do with apache. For those who know
what SELinux is they will will simply flip on the on switch. But most
people have no idea, and when it causes problems it just makes solving
them worse.


On Wed, 13 Oct 2004 21:42:34 -0400, Jim Cornette
<fct-cornette at sbcglobal.net> wrote:
> Jerone Young wrote:
> > One bug today.... another bug tommorow. Average users could care less
> > about SELinux, so why have it on, if it's just going to cause
> > potential issues for average users.
> >
> >
> > On Wed, 13 Oct 2004 11:40:50 -0400, Colin Walters <walters at redhat.com> wrote:
> >
> >>On Tue, 2004-10-12 at 14:00 -0500, Jerone Young wrote:
> >>
> >>>You know this is why SELiux needs to be off by default. It is just a
> >>>headache for average users that is not needed. For those who want
> >>>SELinux (myself being one) we know how to cut it one.
> >>
> >>It was just a bug.  Software has bugs.  We make test releases to find
> >>the bugs and fix them.
> >>
> 
> SELinux is pretty much out of the way for most processes. Since another
> linux distribution had their website cracked recently, it is a good idea
> to head off potential attacks before they become a common problem with
> Linux systems.
> 
> If a user wants to disable this feature. The feature is easily disabled
> using system-config-securitylevel or during the initial installation
> choices.
> 
> This choice might be prompted sort of like the "this is a beta release",
> and an install anyway prompt. Maybe a prompt stating "SELinux is a
> security feature that helps protect your system" and a choice for
> enabling or disabling SELinux.
> 
> my view,
> 
> Jim
> 
> --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-test-list
>

More information about the test mailing list