[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Chris Mauritz chrism at imntv.com
Tue Nov 22 01:07:40 UTC 2005


Johnny Hughes wrote:

>On Mon, 2005-11-21 at 14:41 +0000, Peter Farrow wrote:
>  
>
>>Please go and look up "default" on the dictionary....
>>
>>    
>>
>It isn't the word default that I have a problem with ... it is enabled.
>
>Nothing is enabled until you click past it without taking action.
>
>You "Enable" the things that you want.
>  
>

No.  If someone clicks through the install, it's enabled and 
locked/loaded.  Now you may say "who the hell does an install and 
doesn't actively choose each and every option?"....well, that would be a 
lot of people....perhaps even most people.  So the end result is that 
you wind up with quite a few people with "broken" computers (broken 
meaning the owner can't do what they expected with it) because the 
default action of the installer is to turn SELinux on.  There really 
isn't any grey area here.  As shipped, without user intervention, 
SELinux is ON.   I consider that a bug.  The end user should have to 
explicitly ask to turn SELinux on.

>Now ... I would agree that the "Default" selection is having SELinux in
>"Permissive Mode" ... and that user action and knowledge is required
>when deciding what they want to do concerning SELinux.
>  
>

I really don't think that's acceptable until SELinux has been around the 
track a bit longer.

Best regards,




More information about the CentOS mailing list