Pádraig Brady wrote: >Nobody I know enables SELinux. >smolt says about half leave it enabled: >http://smolts.org/static/stats/stats.html >But I'm guessing a lot of experienced users/devs >disable it given previous experiences... It's closer to 70% actually, also consider the 18.7% being market as "Unknown". >Personally I do momentarily enable to test but always disable >because of hundreds of errors in the applet thingy. If you have _hundreds_ of errors with SELinux, i'm afraid you are exaggerating, using a custom policy or you might have a serious labeling issue : touch /.autorelabel reboot My system is running as staff_u, and i don't remember reporting more than 20-30 AVCs over now almost a year. If you think it might be an issue with the policy, you should report those bugs into RHBZ. >Enabling in non enforcing mode causes a huge performance hit, >causing for example the "do you want to kill" dialog to pop up >when I try to quit firefox. Can you measure the *huge* performance hit, i would be interested to see your numbers. As far as i'm aware, the performance hit of SELinux is around 5-7%. >But I'm guessing a lot of experienced users/devs >disable it given previous experiences... Well, they should reconsider their decision and just take a look at how many user space tools are available to make their life easier. The FUD about SELinux need to stop.
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
