On Tue, 2004-04-06 at 11:59, Jesse Keating wrote: > > While SELinux is very cool, and very usefull in corner cases of edge > servers, it's not very cool for workstations, desktops, general > servers, etc... Actually - I think desktops and general servers are where it is the most beneficial. On the desktop, I think it can help prevent the spread of worms from people who turn their firewall off, play with sendmail, and don't patch. For the general servers, it helps prevent compromise of one service from impacting another. I think the reason the current setting is enforce is because it needs to have everything ironed out. It is an install option, though - so it's not like it would be forced on anyone. I am willing to bet that the default for worsktation installs will be permissive. Just a hunch I got. > > In short, I'd urge strongly to have SELinux turned off for the final > release, and perhaps even for Test3. Having it there is extremely cool > for those that will need/want it. Forcing it upon the rest of the > world is not wise IMHO. I agree it should be permissive default for workstation install. But not for test3 - test3 is a test release. -- Cheap Linux CD's - http://mpeters.us/linux/
