-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/24/2012 04:23 PM, "Jóhann B. Guðmundsson" wrote: > On 09/24/2012 08:16 PM, drago01 wrote: >> On Mon, Sep 24, 2012 at 10:13 PM, "Jóhann B. Guðmundsson" >> <johannbg@xxxxxxxxx> wrote: >>> I hereby propose that we default selinux to permissive mode up to >>> final which should just get rid of unneeded nuance during testing. >> -1 >> >> This would just mean we test something different then we actually ship. >> If there are selinux bugs they are supposed to be cough during testing >> and reported like any other bugs. > > With permissive mode we should still be able to catch all those errors and > report them without all the downside that comes with having it in enforcing > mode during our development releases... > > JBG Definitely not. Enforcing mode and Permissive mode are not equivalent. SELinux/Permission Denied can cause things to crash. I have been working since last week on SELinux/Systemd problems that happen in early boot, and would only be seen in enforcing mode. For some reason avc messages were not showup in early boot, so no one would have known about it. Dontaudit rules can cover up messages that cause applications bugs. We have been working with SELinux in enforcing mode for years now, why change now. Do you have specific errors that SELinux is causing in Fedora 18? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBhEpAACgkQrlYvE4MpobOi3ACg0sP2FGp1DbfX4knGU5nArkHh 18sAoOKKA5V/VPpQdXcZO1nyxlwzEjAG =fp0T -----END PGP SIGNATURE----- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test