Jerry Amundson wrote:
> On Sun, Oct 26, 2008 at 10:13 AM, Bruno Wolff III <bruno@xxxxxxxx> wrote:
>
>> On Sat, Oct 25, 2008 at 18:59:12 -0500,
>> Jerry Amundson <jamundso@xxxxxxxxx> wrote:
>>
>>> Yep, I say leave the question out of the installer, and default it to
>>> *disabled*.
>>>
>> Disabled is the worst of the three options because you will need to do a
>> relabel if you ever turn it back on. And you don't get useful logs of any
>> problems.
>>
>
> I repeat. I think disabled is the best option for the largest
> audience. Overall, the majority of time spent re-labeling occurs when
> we disable selinux in firstboot.
> No selinux. No problems. Everything else that needs to be logged gets logged.
>
> Very simple. Disable SELinux by default. Enable it (at firstboot,
> etc.) if you want it. The world becomes a better computing place. :)
>
> jerry
>

Or we can simply decide that sticking our collective head in the sand is
not an option when it comes to security, leave it enabled, and fix the
remaining issues.

There is no reason why SELinux needs to cause any issues in the vast
majority of cases. Sure, if you are running a poorly tested/proprietary
configuration (e.g. NVidia blob) then you will probably not have a
completely glitch-free experience. However, degrading the security of the
entire platform to cater to a small subset of users is simply not
acceptable.

Security-wise, we in the Linux community have been extremely lucky thus
far. We represent a small percentage of Internet users and thus desktop
exploits aren't particularly prevalent. However, if and when Linux becomes
a sizeable player on the desktop/end-user space, we are going to have far
greater security issues.

Look at Windows. Even without considering the brain-dead security
defaults, Windows XP is a security nightmare. Many of the issues that
Windows has with malware could be mitigated with proper containment
through MAC.
Giving any application or service open access to anything on the system is
a recipe for disaster. The fact is, the least-privilege principle simply
can't realistically be implemented using only a primitive user/group
privilege system.

A perception that Linux is weak in security will only further hamper
future adoption. We have already seen early indications of the remarkable
power that containment holds. To disable SELinux by default would be to
remove a vital part of our security subsystem. Nobody can deny that there
are still issues, but these can be fixed and once they are, the result
will be a more secure computing environment for all.

- Ben

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list