Ralf Corsepius rc040203 at
Tue Aug 31 13:34:29 UTC 2010

On 08/31/2010 02:26 PM, Tim wrote:
> On Mon, 2010-08-30 at 22:06 +0100, Alan Cox wrote:
>> As to software which demands you disable security, I always apply
>> common sense and treat it the same way as if a passing tradesman says
>> "can you just leave your door unlocked for the weekend"
> Likewise for people vehemently advocating to disable SELinux, I view
> them with a great deal of suspicion.  Is it simply they really do not
> like it, or do they have ulterior motives?
Neither. Initially, when trying to use it, they typically notice 
something stops working. Then, when trying to make it work, they get 
lost in arcane and cryptic tools.

To utilize Alan's ABS analogy: In most cases, the only UI ABS offers to 
end-users an on/off switch and "just works". SELinux however forces to 
fiddle and dig through 100s of knobs and switches.

In short: there is nothing fundamentally wrong with SELinux, except that 
its UIs and GUIs are not end-user-ready and that the Fedora SELinux 
policy packages suffer from bugs.


More information about the users mailing list