Hi, I'm hereby asking to disable/remove the SELinux execstack/relro checks before FC5 ships. The current state of affairs will only lead to people using big-hammer approaches in disabling selinux or big chunks thereof (based on "solutions" they find with google), which is worse than not having this protection in the first place. The technology is not finished yet. What I can imagine being useful is: 1) having the security config tool do a scan for libs/binaries that are not labeled correctly yet and present a dialog to add permissions, including an explanation of what the consequences are 2) a dbus message on failure so that the desktop can pop up a "<this application> tried to use <this insecure library> which is most likely a security risk. In case you downloaded this plugin deliberately, make sure you want this" or something As it is right now, it's just one more thing people will just disable and hate selinux more for. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
