SELinux threads, cynicism, one-upmanship, etc.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Additionally,

EVERY install I have done (and thats quite  few) has it in Enforcing 
mode by default unless you turn it off....
Not permissive, not disabled, but indeed without a shadow of doubt, in 
"enforcing".

Don't cloud the issue with a fuzzy definition of what [you think] 
default means,  it doesn't do the discusssion justice.

"Default" has a fixed definition in the English language, and I have 
already covered that.

And that really is the end of this thread I believe...



Johnny Hughes wrote:

>On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote:
>  
>
>>The point was, as its very much beta quality, it should be up to the 
>>user to ask for it, not have it dropped on them by default.
>>
>>Thats the point Brian was making, the essence of the reply to that was 
>>"its not enabled by default because you can turn it off"
>>
>>Which is, as we all know, is a rather absurd statement....which had to 
>>be remedied by, yes if you like, a pedantic reply, but a nonetheless 
>>valid one...
>>    
>>
>
>I disagree ... to me enabled by default would be like the core and base
>default packages .... they are turned on, and one can not turn them off.
>They are enabled by default, whether you need them or not.
>
>SELinux would be enabled by default if it were turned on that way.
>
>Also, even if your more liberal definition of "Enabled by default" is
>used ... what is enabled is the "permissive" mode - SELinux prints
>warnings instead of enforcing.  There is an "Enabling" mode that must be
>specifically selected.
>
>So, why is no one complaining that LVM2 is enabled by default ... or
>that your C: drive is formatted by default?
>
>Because, you are expected to read and take action during an install.
>That includes whether or not you include a firewall or enable SELinux.
>  
>
>>Craig White wrote:
>>
>>    
>>
>>>On Mon, 2005-11-21 at 13:56 +0000, Peter Farrow wrote:
>>> 
>>>
>>>      
>>>
>>>>>>It is not enabled by default ... unless you mindlessly click through
>>>>>>            
>>>>>>
>>>>"Default" means, unless you do something to specify otherwise it will be 
>>>>this way,
>>>>
>>>>SElinux IS enabled by default, as doing an install without specifically 
>>>>searching for it and changing it will result in it being enabled.
>>>>
>>>>http://isp.webopedia.com/TERM/D/default.html
>>>>
>>>>
>>>>
>>>>
>>>>screens without reading them.
>>>>
>>>>        
>>>>
>But ... SELinux (at least in a mode that does anything) is not set to be
>enabled by default ... it is in permissive and not enabling.
>  
>
>>>>   
>>>>
>>>>        
>>>>
>>>----
>>>you are being a bit pedantic here.
>>>
>>>Defaults, installation options, etc. are set by upstream provider.
>>>
>>>If someone were to simply click-through the install without
>>>customization, it would indeed be turned on as would a firewall without
>>>holes and no doubt in that event, said unthinking user would benefit
>>>      
>>>
>>>from both.
>>    
>>
>true
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>CentOS mailing list
>CentOS@xxxxxxxxxx
>http://lists.centos.org/mailman/listinfo/centos
>  
>


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux