On Thu, Jun 11, 2020 at 9:29 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > Good point about the installer. I have already started working on > preparing Fedora for the runtime disable removal, but so far I'm only > at the beginning. Updating anaconda to add selinux=0 to the kernel > params instead of using /etc/selinux/config will be one of the main > steps. ... > I also prefer to rather go somewhere in this direction rather than > introducing the delay. I was kinda OK with the delay at first, but as > Stephen points out, it would punish users rather than distros, even > though users are (normally) not the ones that make a conscious > decision to use the runtime disable. ... > Yes, I was under the impression that some changes in libselinux are > needed before this works transparently, but apparently it already does > the right thing now. In that case I'd say that it may be better to > skip adding sleeps etc. and just remove the feature at some point. But > please let's wait with that for a while longer so we can prepare > Fedora for it first. It's hard to tell at this point how long that > will take, but it could be several months. > > Then again, the sleep might be helpful to wake up potential non-Fedora > users (if any) and in Fedora we can always apply a revert as a > downstream patch until things are sorted. So if you guys really want > it, I think we can deal with it. I'm glad to hear Fedora is making changes to move away from the runtime disable, please keep us updated about once a month so we know where things are at with Fedora. As I mentioned previously, I'm okay with postponing the delay so long as Fedora is making progress - and according to Ondrej they are - so I'm okay with holding off for now. -- paul moore www.paul-moore.com
