On Thu, May 8, 2014 at 11:15 PM, alex diavatis <alexis.diavatis@xxxxxxxxx> wrote: > Hello, > > According to Fedora Workstation Specifications [1], SELinux will be enabled > in enforcing mode, using the targeted policy. > > Is this really needed for Fedora workstation? Yes. > We all have faced issues with > SELinux that prevents applications to do, what are supposed to do. > Applications rarely fail with certain operations and users don't > know why their applications fail. More over not even applications > developers don't know what SELinux considers as a dangerous operation. Most user apps run unconfined so this "SELinux breaks random applications" is an overstated rumor nothing more. > Some "advance(?)" users disable it anyway, less advance users don't know why > their apps fail while app developers ignore it. Which apps fail? The majority of apps run unconfined. There might be bugs but generally SELinux just allows apps to what there are supposed to do and nothing more instead of leaving apps just do everything. The only things that affect unconfined apps are stuff like disallowing exec_mem and you want don't want to just allow that for every app even if you disable SELinux. > In any case, I don't think SELinux has helped much our PC to be more secure. It did. > Moreover the latest bug found on Fedora 20 with SELinux/Scriptlets made the > recovery totally impossible for many users, > and it proved (again) that SELinux isn't a really good software for desktop > and desktop users. That's a bug ... "we hit a bug so disable it" is simply wrong we should find out why the testing failed to catch that bug and improve that instead. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
