On Wed, 2008-07-02 at 16:29 -0400, Jon Masters wrote: > I think what's needed is a nice little paragraph summarizing what > SELinux is aiming to do, and then the old option of setting permissive > or disabling - users can then set permissive if they prefer to. Note that when I say this, I'm one of the users who might well turn it off (well, set permissive) again on future installs. I've lived with SELinux enforcing on F9 for under two weeks and have found it highly inhibitive to performing many regular everyday tasks I'm used to. I wasted about 6 hours on Sunday evening[0] figuring out why an SELinux policy update in F9 had randomly stopped VPNC from working in a policy update - that came following days of denials trying to do even simple stuff. I can't possibly see how thrusting this default upon masses of otherwise unsuspecting users is a good idea. I'm not saying SELinux isn't a fantastic idea in certain cases, just not on "the desktop". Dan, et al, no offense, but we need the option to come back :) Jon. [0] It had been almost ten years since I last read through all that documentation. So although I learned a lot about our current policy, and what has changed over the years in SELinux, so that I could understand the current targeted policy source, this isn't something regular Fedora users should have to do in order to be using their computers :) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
