On 07/30/2010 08:17 AM, Camilo Mesias wrote: >> We recognize there may be situations when SELinux causes problems and >> you need to make it permissive or turn it off temporarily, but please >> try and keep it turned on if you possibly can, and if you're in a >> situation where you need to disable it, please let the developers know >> by filing a bug, so they can fix it and you can turn it back on. Thanks >> a lot! > > How sincere is this offer, because I can think of a few use cases > that make a lot of work for anyone wanting to keep SELinux. These > are realistic use cases that people in the real world will want to > follow, that I follow every time I install Fedora. But I have given > up providing feedback because the response is usually more like 'you > shouldn't do that because it doesn't fit in with the SELinux way' > rather than 'we can change SELinux to let you do that securely by > XXX' SELinux is very configurable, and its various protections can be turned on and off for each individual case. Google code seems to have odd bugs: Google Earth, in particular, has libraries that haven't been compiled as position-independent code, leading to the need to set special attributes on its libraries. This can be fixed by changing the attributes on those libraries, once you know how. There are not many cases (well, none, AFAIK) where it's actually necessary to turn off SELinux altogether. > The use cases in case anyone's interested: Install Picasa3 (which uses > its own wine version*) and install Spotify (for Windows) using the > 'native' Wine. I might have a look at Picasa3. > *Google recommends turning off SELinux Google is a pretty big company, and I suspect that some of its employess would be unimpressed by this advice. Andrew. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
