Core 3 Release 1 - SELinux is activated by default

Dana-Renee Lee fedora-list at anadromada.net
Sat Jul 17 04:08:05 UTC 2004


I have to agree with Mr. Linhardt that SELinux should not be enabled as the
default.
May I suggest that it be placed in the mode where it only reports the
violations
and does not enforce them.  If someone wants to have it fully enforce then
after
install the user can change the selinux config file to fully enable SELiux.
Likewise if someone does not want it at all then they can again configure
the system
to have SELinux Disabled and reboot.

Years ago I was one of the implementers of SEVMS on Digital VAX systems
which set the standard
for this kind of software so I do understand the frustrations of not having
a choice.

Renee Lee

-----Original Message-----
From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com]
On Behalf Of William Hooper
Sent: Friday, July 16, 2004 8:41 PM
To: fedora-list at redhat.com
Subject: Re: Core 3 Release 1 - SELinux is activated by default



Terry Linhardt said:
[snip]
> Look, I was suggesting something for consideration. The rationale is 
> that many individuals don't care to get "entangled" in SELinux at this 
> time. There are plenty of other things to be tested. Now, I'll accept 
> that the case can be made that the configuration can be readily 
> changed via a drop-down box, and an individual should know what they 
> are doing when they accept a "default" (which is to implement 
> SELinux). However, my sense is that when something is implemented 
> which requires some different admin techniques then the default should 
> be to "not implement."

One would hope that someone choosing to install a test release would do the
research to know what they are doing. :-)

The best way to get something widely tested it to make it the default.  The
more SELinux gets tested the better it will get.

-- 
William Hooper


-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list





More information about the users mailing list