[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Johnny Hughes mailing-lists at hughesjr.com
Mon Nov 21 14:39:33 UTC 2005


On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote:
> The point was, as its very much beta quality, it should be up to the 
> user to ask for it, not have it dropped on them by default.
> 
> Thats the point Brian was making, the essence of the reply to that was 
> "its not enabled by default because you can turn it off"
> 
> Which is, as we all know, is a rather absurd statement....which had to 
> be remedied by, yes if you like, a pedantic reply, but a nonetheless 
> valid one...

I disagree ... to me enabled by default would be like the core and base
default packages .... they are turned on, and one can not turn them off.
They are enabled by default, whether you need them or not.

SELinux would be enabled by default if it were turned on that way.

Also, even if your more liberal definition of "Enabled by default" is
used ... what is enabled is the "permissive" mode - SELinux prints
warnings instead of enforcing.  There is an "Enabling" mode that must be
specifically selected.

So, why is no one complaining that LVM2 is enabled by default ... or
that your C: drive is formatted by default?

Because, you are expected to read and take action during an install.
That includes whether or not you include a firewall or enable SELinux.
> 
> Craig White wrote:
> 
> >On Mon, 2005-11-21 at 13:56 +0000, Peter Farrow wrote:
> >  
> >
> >> >>It is not enabled by default ... unless you mindlessly click through
> >>
> >>"Default" means, unless you do something to specify otherwise it will be 
> >>this way,
> >>
> >>SElinux IS enabled by default, as doing an install without specifically 
> >>searching for it and changing it will result in it being enabled.
> >>
> >>http://isp.webopedia.com/TERM/D/default.html
> >>
> >>
> >>
> >>
> >>screens without reading them.
> >>
But ... SELinux (at least in a mode that does anything) is not set to be
enabled by default ... it is in permissive and not enabling.
> >>    
> >>
> >----
> >you are being a bit pedantic here.
> >
> >Defaults, installation options, etc. are set by upstream provider.
> >
> >If someone were to simply click-through the install without
> >customization, it would indeed be turned on as would a firewall without
> >holes and no doubt in that event, said unthinking user would benefit
> >from both.
true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20051121/59fb51f1/attachment.sig>


More information about the CentOS mailing list