On Tue, Mar 14, 2006 at 09:26:01AM -0700, Stephen J. Smoogen wrote: > To be honest, we have found that the following people turn off SeLinux > for the following reasons: [1-4] 5. They copied their / through remounting and rsync to another partition on another disk to be able to change the partitions on the original disk and ended up trying to find out why they couldn't log in even as root anymore. Which is fun to debug without the web. It will be a large number of years before my GF's brother allows selinux anywhere his computer. The selinux cra^Wlabels should have been taken into account in cp/tar/rsync and other applications that copy executables before anybody thought about activating it. Now its reputation is so bad people will wait for several years before even thinking about trying it again. "Failing gracefully" is one of these basic concepts security people like to ignore or even rant about, forgetting the real world needs it. Locking root out of login on the console with its password typed on the keyboard if some magic, fs-layout-dependant flags aren't perfectly set in some hidden corner is stupid beyond belief. I personally won't ever trust selinux until the mentality changes. I don't always have a rescue cd handy. OG. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
