Re: Selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bruno Wolff III wrote:
On Sat, Nov 29, 2008 at 20:41:51 -0500,
  Tom Horsley <tom.horsley@xxxxxxx> wrote:
So why isn't it much simpler and less trouble to just turn off
selinux in the first place? I get the same level of security in the
end, and much less hassle in the meantime :-).

Because you can still leave it protecting other processes on the system
by either using pemissive domains or using audit2allow to generate rules
you can use to add a new policy module.

What would be really nice is if people reported these issues to bugzilla
instead of or in addition to griping about them here. Then either the app
or the policy could be fixed for everyone else.

Sorry, I assume that the QA process includes someone actually installing the application and seeing that it works. I would rather see things sit in updates-testing until someone is willing to sign off that they actually have been at least smoke tested?

It doesn't need to be some maintainer who does that, anyone who is going to use the package can take a moment to do the sign off, assuming that there's a process to identify people as capable of installing a package with selinux enabled (lots of folks), and willing to do so (still hopefully a non-empty set).

If Fedora is going to ship with SElinux enabled, it also should be working. I keep one fully patched VM for testing things, just create a qcow clone and and run the test. Great for opening those web sites which may be useful or may have evil, among other things.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux