A little clarification on the disabling of SELinux and so forth;
the maximum an AOS can do to form a viable basis for all kinds of weird
appliance stuff to be built upon is to set SELinux to permissive. You
won't see many appliances out there actually having SELinux enforcing
(or actually having SELinux at all). It'll most likely not be very
sustainable for appliance builders to move their work into something
that can cope with the SELinux culprit. This is a side-note as to why it
is not unreasonable to disable SELinux on this particular spin.
On the other hand, of course we do have an agenda to push and that
agenda includes SELinux as being one of the core features of the entire
Fedora line of products (including the few enterprise linux spin-offs).
It's one of the main features and we would rather see appliances built
upon an AOS that has SELinux enforcing by default while it can still be
disabled.
Whether we consider SELinux to be a main feature that has to be included
(enforcing) on every spin impacts our ability to really do the
customization that we find important, too. I'm thinking that a security
/ forensics spin (extended rescue environment on live media) will not
want to have SELinux do anything either (especially not restorecon), and
will maybe have to set it to permissive.
Kind regards,
Jeroen van Meeuwen
-kanarip
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
