On Wed, 2008-07-02 at 17:16 -0400, Alan Cox wrote: > On Wed, Jul 02, 2008 at 04:46:35PM -0400, Jon Masters wrote: > > If it were really black and white like that, then I'd have to argue for > > SELinux to be disabled by default on new Fedora installs and have users > > go into the system config dialog to turn it back on. After all, if > > you're going to use the following argument: > > "This car has brakes, enable them ?" Well, you can turn the ABS on and off in some cases. > "Would you like the seatbelts to work ?" > "Shall I enable the airbag ?" You can turn the child restraint passenger system on/off on most models of car to deal with the injury sustained from airbag deployment. "Would you like to use regular gas or premium?" > SELinux should be disablable is the wrong discussion. The discussion you should > be having is "I've filed a few bugs where SELinux didn't magically do the right > thing, how do we fix them and can we make these less likely to occur in future" I think the only way to "fix" it for the foreseeable future is to simplify policy, so that only a very limited set of services are confined. Then, when the graphical tools and user experience have eventually caught up, it'll be trivial to switch policy again. > If it was a car this discussion ie - "I had a brake problem so I disabled them" > would not be considered sane No, but there are many other more suitable analogies :) Jon. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
