On Tue, 2004-04-06 at 12:21, Jesse Keating wrote: > On Tuesday 06 April 2004 12:24, Michael A. Peters wrote: > > Actually - I think desktops and general servers are where it is the > > most beneficial. On the desktop, I think it can help prevent the > > spread of worms from people who turn their firewall off, play with > > sendmail, and don't patch. For the general servers, it helps prevent > > compromise of one service from impacting another. > > General servers maybe. Workstations, where users add a plethora of > third party software, almost all of it w/out any SELinux support > (policy additions), can quickly become a mess, with the user usually > just turning off SELinux completely rather than deal with the headache. I see the point. Perhaps the Fedora Packaging guidelines should be updated to deal with this scenario so that third party packagers can fix their packages to work with SELinux. > > Sure it's an option, but (non scientific) studies have shown that the > defaults are what are used most often. My recommendation was to keep > it as an option during the install, but leave the default as off. I suspect even scientific studies would show the defaults are what are used most often. It definitely should be either permissive or off for the Workstation button. IMHO. -- Cheap Linux CD's - http://mpeters.us/linux/
