On 25 January 2016 at 14:28, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: > Allegedly, on or about 25 January 2016, bruce sent: >> I fully get the need for security.. But if I can't get the security >> working as it should, but I still need to build whatever the project >> might be.. the project is going to get created. >> >> If running Selinux in permissive mode is enough, great, so be it. > > SELinux in permissive mode is *not* secure. You're using the computer > in an insecure mode, and all SELinux is doing is logging the things that > it would have stopped. > I have actually once seen permissive mode preventing login, IIRC this was something to do with PackageKit doing its own context based checks. As for the rest though, Miroslav's reply is spot on, if there are specific problems or issues then get help from the selinux list to sort them out, but the policy setup and tools are mature enough at this point that it's rare. If Bruce is really concerned, run permissive, check there's no alerts coming up then switch to enforcing. Worst that happens is you have to kill that instance because you lose access, and like I've said I think that's hard to do. It's not something that's suddenly going to kick you out during operation in any normal circumstance. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
