-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ralf Corsepius wrote: | On Wed, 2008-07-09 at 09:57 -0400, Daniel J Walsh wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Ralf Corsepius wrote: |> | On Wed, 2008-07-09 at 11:58 +0200, Nils Philippsen wrote: |> | |> |> One question nobody has been able to answer to my satisfaction yet: Why |> |> would it be essential that SELinux can be disabled from the installer |> |> vs. from the installed system? |> | One point: Once SELinux had been active, it can cause problems, despite |> | it had been disabled, afterwards: |> | C.f.: https://bugzilla.redhat.com/show_bug.cgi?id=453365 |> | |> | Ralf |> | |> | |> This is a bug in code, and I am not sure this would not have happened if |> SELinux was disabled in the first place. | | Neither am I. | | My point is: kernel-/filesystem-side of SELinux apparently is not | entirely transparent to applications and may disturb "arbitrary, known | to work" applications, even if SELinux is off. | | In my case, I repeatedly had SELinux active on the machine exposing the | issue from the BZ, and had encountered the broken "patch" after having | switched SELinux off. | | Having a look into the patch, which seems to have fixed "patch", I am | inclined to think the actual cause for this breakdown is inside of the | kernel or the filesystem. | | Ralf | | Well the problem was in the patch code, that did not check to see if SELinux was disabled or not. When it tried to SELinux stuff, with SELinux disabled it failed. Simple bug in the patch code. So this bug will happen whenever SELinux was disabled. Whether or not you disabled it during install or post install. So your example of why SELinux needs to be able to be disabled in Anaconda is flawed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkh003wACgkQrlYvE4MpobNx5QCgpkyhXFAkQuiRQ5maL04chZnO otIAnRKecZmITBKhzDm+HBTAVNn8aQZp =q8No -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list