Hi,

> > - A lot of developers I know, including a bunch at Red Hat, *turn off
> > SELINUX entirely*. IMO, something that gets pushed at heavily as this
> > should be dogfooded by the development team at Red Hat completely, so
> > they encounter firsthand what it means and how to fix basic issues.
>
> FWIW I have three machines here, of which two have SELinux always on in
> enforcing mode, and the third sometimes on (dogfooding Rawhide here, so
> sometimes things break...). They're all using the targeted policy.

Oh, I'm sure there are developers dogfooding it. My point is that *all* of the Red Hat developers should be dogfooding it if you think SELINUX should be the default (which I assume is being thought since it's the default in anaconda).

My sample of developers was not correctly chosen if I wanted half of them to run it. But I think *all* of them should run it, and they should come to you or Karsten or Colin when they run into stuff they can't figure out, so that it becomes impossible for me to find even one RH developer that doesn't know basic stuff about SELINUX.

For any other subsystem I would say this ideal was utopian; for something that's this impacting on end users I'd say it's a necessity.

But, of course, just my POV :)

Thomas

Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
If you don't ask me out to dinner I don't eat
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/