Jon Masters wrote:
On Wed, 2008-07-02 at 18:29 -0700, Andrew Farris wrote:
Jon Masters wrote:
On Wed, 2008-07-02 at 17:16 -0400, Alan Cox wrote:
SELinux should be disablable is the wrong discussion. The discussion you should
be having is "I've filed a few bugs where SELinux didn't magically do the right
thing, how do we fix them and can we make these less likely to occur in future"
I think the only way to "fix" it for the foreseeable future is to
simplify policy, so that only a very limited set of services are
confined. Then, when the graphical tools and user experience have
eventually caught up, it'll be trivial to switch policy again.
selinux-policy-targeted is precisely that.
Or more precisely, it would like to be that. Abrupt, single line replies
like the above amuse me perhaps more than they should, because they
carry the implication that I didn't actually consider what is currently
implemented in Fedora before sending my original mail ;)
Anyway. I've tried to make my point, I'm done now :)
I apologize for the brevity then, but having read your previous mails it seemed
quite clear you hadn't looked at what targeted policy is when asking for it. If
there are specific situations, or policy bugs, or services you feel shouldn't be
confined under targeted policy it might make sense... but asking for a limited
set of services when it exists is just about as confounded as you can get. I
meant (and still mean) no offense, but if you want more thoughtful comments it
would help to be more clear about what you have and haven't already learned
about the situation.
--
Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list