RE: Core 3 Release 1 - SELinux is activated by default

• Previous message: david walcroft: "Re: FC2 location of GPG keys"
• In reply to: William Hooper: "Re: Core 3 Release 1 - SELinux is activated by default"
• Next in thread: William Hooper: "RE: Core 3 Release 1 - SELinux is activated by default"
• Reply: William Hooper: "RE: Core 3 Release 1 - SELinux is activated by default"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "'For users of Fedora Core releases'" <fedora-list@redhat.com>
Date: Fri, 16 Jul 2004 22:08:05 -0600

I have to agree with Mr. Linhardt that SELinux should not be enabled as the
default.
May I suggest that it be placed in the mode where it only reports the
violations
and does not enforce them. If someone wants to have it fully enforce then
after
install the user can change the selinux config file to fully enable SELiux.
Likewise if someone does not want it at all then they can again configure
the system
to have SELinux Disabled and reboot.

Years ago I was one of the implementers of SEVMS on Digital VAX systems
which set the standard
for this kind of software so I do understand the frustrations of not having
a choice.

Renee Lee

-----Original Message-----
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com]
On Behalf Of William Hooper
Sent: Friday, July 16, 2004 8:41 PM
To: fedora-list@redhat.com
Subject: Re: Core 3 Release 1 - SELinux is activated by default

Terry Linhardt said:
[snip]
> Look, I was suggesting something for consideration. The rationale is
> that many individuals don't care to get "entangled" in SELinux at this
> time. There are plenty of other things to be tested. Now, I'll accept
> that the case can be made that the configuration can be readily
> changed via a drop-down box, and an individual should know what they
> are doing when they accept a "default" (which is to implement
> SELinux). However, my sense is that when something is implemented
> which requires some different admin techniques then the default should
> be to "not implement."

One would hope that someone choosing to install a test release would do the
research to know what they are doing. :-)

The best way to get something widely tested it to make it the default. The
more SELinux gets tested the better it will get.

-- 
William Hooper
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

• Previous message: david walcroft: "Re: FC2 location of GPG keys"
• In reply to: William Hooper: "Re: Core 3 Release 1 - SELinux is activated by default"
• Next in thread: William Hooper: "RE: Core 3 Release 1 - SELinux is activated by default"
• Reply: William Hooper: "RE: Core 3 Release 1 - SELinux is activated by default"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]