SELinux threads, cynicism, one-upmanship, etc.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 2005-11-21 at 14:45 +0000, Peter Farrow wrote:
> Additionally,
> 
> EVERY install I have done (and thats quite  few) has it in Enforcing 
> mode by default unless you turn it off....
> Not permissive, not disabled, but indeed without a shadow of doubt, in 
> "enforcing".
You may be right about in "Enforcing" mode, I have done more than a
thousand CentOS installs, and I thought the default was "Permissive" ...
I'll actually have to check and see.
> 
> Don't cloud the issue with a fuzzy definition of what [you think] 
> default means,  it doesn't do the discusssion justice.
> 
> "Default" has a fixed definition in the English language, and I have 
> already covered that.
> 
> And that really is the end of this thread I believe...
> 
> 
> 
> Johnny Hughes wrote:
> 
> >On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote:
> >  
> >
> >>The point was, as its very much beta quality, it should be up to the 
> >>user to ask for it, not have it dropped on them by default.
> >>
> >>Thats the point Brian was making, the essence of the reply to that was 
> >>"its not enabled by default because you can turn it off"
> >>
> >>Which is, as we all know, is a rather absurd statement....which had to 
> >>be remedied by, yes if you like, a pedantic reply, but a nonetheless 
> >>valid one...
> >>    
> >>
> >
> >I disagree ... to me enabled by default would be like the core and base
> >default packages .... they are turned on, and one can not turn them off.
> >They are enabled by default, whether you need them or not.
> >
> >SELinux would be enabled by default if it were turned on that way.
> >
> >Also, even if your more liberal definition of "Enabled by default" is
> >used ... what is enabled is the "permissive" mode - SELinux prints
> >warnings instead of enforcing.  There is an "Enabling" mode that must be
> >specifically selected.
> >
> >So, why is no one complaining that LVM2 is enabled by default ... or
> >that your C: drive is formatted by default?
> >
> >Because, you are expected to read and take action during an install.
> >That includes whether or not you include a firewall or enable SELinux.
> >  
> >
> >>Craig White wrote:
> >>
> >>    
> >>
> >>>On Mon, 2005-11-21 at 13:56 +0000, Peter Farrow wrote:
> >>> 
> >>>
> >>>      
> >>>
> >>>>>>It is not enabled by default ... unless you mindlessly click through
> >>>>>>            
> >>>>>>
> >>>>"Default" means, unless you do something to specify otherwise it will be 
> >>>>this way,
> >>>>
> >>>>SElinux IS enabled by default, as doing an install without specifically 
> >>>>searching for it and changing it will result in it being enabled.
> >>>>
> >>>>http://isp.webopedia.com/TERM/D/default.html
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>screens without reading them.
> >>>>
> >>>>        
> >>>>
> >But ... SELinux (at least in a mode that does anything) is not set to be
> >enabled by default ... it is in permissive and not enabling.
> >  
> >
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>----
> >>>you are being a bit pedantic here.
> >>>
> >>>Defaults, installation options, etc. are set by upstream provider.
> >>>
> >>>If someone were to simply click-through the install without
> >>>customization, it would indeed be turned on as would a firewall without
> >>>holes and no doubt in that event, said unthinking user would benefit
> >>>      
> >>>
> >>>from both.
> >>    
> >>
> >true
> >  
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >CentOS mailing list
> >CentOS@xxxxxxxxxx
> >http://lists.centos.org/mailman/listinfo/centos
> >  
> >
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos/attachments/20051121/148950cd/attachment.bin

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux