[CentOS] SELinux threads, cynicism, one-upmanship, etc.
chrism at imntv.com
Tue Nov 22 01:07:40 UTC 2005
Johnny Hughes wrote:
>On Mon, 2005-11-21 at 14:41 +0000, Peter Farrow wrote:
>>Please go and look up "default" on the dictionary....
>It isn't the word default that I have a problem with ... it is enabled.
>Nothing is enabled until you click past it without taking action.
>You "Enable" the things that you want.
No. If someone clicks through the install, it's enabled and
locked/loaded. Now you may say "who the hell does an install and
doesn't actively choose each and every option?"....well, that would be a
lot of people....perhaps even most people. So the end result is that
you wind up with quite a few people with "broken" computers (broken
meaning the owner can't do what they expected with it) because the
default action of the installer is to turn SELinux on. There really
isn't any grey area here. As shipped, without user intervention,
SELinux is ON. I consider that a bug. The end user should have to
explicitly ask to turn SELinux on.
>Now ... I would agree that the "Default" selection is having SELinux in
>"Permissive Mode" ... and that user action and knowledge is required
>when deciding what they want to do concerning SELinux.
I really don't think that's acceptable until SELinux has been around the
track a bit longer.
More information about the CentOS