On Tue, 2010-07-13 at 16:33 +0100, Pádraig Brady wrote: > On 13/07/10 15:47, Tomasz Torcz wrote: > > On Tue, Jul 13, 2010 at 03:11:44PM +0100, Christopher Brown wrote: > >>> > >>> As long as you give us a heads up we can prevent these types of blowups. > >>> Since this policy is shared between yum, packagekit > >> > >> Whilst I appreciate your huge efforts to provide users with a more > >> secure system, you need to realise that SELinux as it stands at the > >> moment is utterly broken. As you clearly don't think this is the case, > >> please spend some time in userland before beating on developers for > >> not caring about this. > > > > > > On the other hand, I cannot understand why packagers submit packages that > > have no chance to work in default Fedora settings, with SELinux in Enforcing mode. > > Nobody I know enables SELinux. > smolt says about half leave it enabled: > http://smolts.org/static/stats/stats.html > But I'm guessing a lot of experienced users/devs > disable it given previous experiences... > It's a bit of a catch 22 really. > > Personally I do momentarily enable to test but always disable > because of _hundreds_ of errors in the applet thingy. > Enabling in non enforcing mode causes a huge performance hit, > causing for example the "do you want to kill" dialog to pop up > when I try to quit firefox. I have it enabled all the time on all my machines, and have never seen either problem. I only get a small number of alerts, which I always report to Bugzilla. I find Dan usually fixes them very quickly. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
