Alan Cox wrote:
that the disadvantages far outweigh the advantages. There are
exactly three users which can actually log on to my machine:
You hope...
:-)
It appears to me that RH is courting large corporate or government
users where political considerations and the ability to dodge
responsibility are important, rather than stand-alone small desktop
systems with single or just a very few actual users.
SELinux is useful in both cases. Large corporations may well use custom
rules to protect critical data or enforce policies (eg 'no you can't run
anything you download').
This is a subjective, not objective, assessment.
In the general case its there to protect all systems and users by doing
I'm aware of the intent.
[snip]
default level of security appropriate to external risk. Allowing users to
turn off security is generally better than assuming they will read the
manual and turn it on.
We agree there.
I think it would be better if they had the option simply not
to install.
Its a bit like asking for a car to come with automatic or manual
transmission. It isn't a last minute extra you fit like a headrest its
intrinsic to the very build of the system.
I guess you missed my comment (easy to do in this thread) that
HAD IT BEEN DONE RIGHT at the start, it would be much easier than
trying to retrofit now.
There are sound engineering reasons why "rpm -e selinux" isn't doable (or
believe me we'd have done it that way!)
Yes, that is not easily doable. But that's not the same as
"don't install on my otherwise blank disc".
By your own count, there are something like 50 apps which
are SELinux aware, along with some libraries, and the kernel.
These would need different versions, one SELinux, one not.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list