[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Mon Nov 21 14:52:32 UTC 2005
Johnny Hughes <mailing-lists at hughesjr.com>

On Mon, 2005-11-21 at 14:41 +0000, Peter Farrow wrote:
> Please go and look up "default" on the dictionary....
> 
It isn't the word default that I have a problem with ... it is enabled.

Nothing is enabled until you click past it without taking action.

You "Enable" the things that you want.

Now ... I would agree that the "Default" selection is having SELinux in
"Permissive Mode" ... and that user action and knowledge is required
when deciding what they want to do concerning SELinux.

> 
> Johnny Hughes wrote:
> 
> >On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote:
> >  
> >
> >>The point was, as its very much beta quality, it should be up to the 
> >>user to ask for it, not have it dropped on them by default.
> >>
> >>Thats the point Brian was making, the essence of the reply to that was 
> >>"its not enabled by default because you can turn it off"
> >>
> >>Which is, as we all know, is a rather absurd statement....which had to 
> >>be remedied by, yes if you like, a pedantic reply, but a nonetheless 
> >>valid one...
> >>    
> >>
> >
> >I disagree ... to me enabled by default would be like the core and base
> >default packages .... they are turned on, and one can not turn them off.
> >They are enabled by default, whether you need them or not.
> >
I still stick to my definition of "Enabled by default".  Enabled, in my
mind, requires some actions by the person doing the install.

Though, I will agree that SELinux (in "permissive mode" and not
"enforcing mode") is the default selection.

> >SELinux would be enabled by default if it were turned on that way.
> >
> >Also, even if your more liberal definition of "Enabled by default" is
> >used ... what is enabled is the "permissive" mode - SELinux prints
> >warnings instead of enforcing.  There is an "Enabling" mode that must be
> >specifically selected.
> >
> >So, why is no one complaining that LVM2 is enabled by default ... or
> >that your C: drive is formatted by default?
> >
> >Because, you are expected to read and take action during an install.
> >That includes whether or not you include a firewall or enable SELinux.
> >  
> >
> >>Craig White wrote:
> >>
> >>    
> >>
> >>>On Mon, 2005-11-21 at 13:56 +0000, Peter Farrow wrote:
> >>> 
> >>>
> >>>      
> >>>
> >>>>>>It is not enabled by default ... unless you mindlessly click through
> >>>>>>            
> >>>>>>
> >>>>"Default" means, unless you do something to specify otherwise it will be 
> >>>>this way,
> >>>>
> >>>>SElinux IS enabled by default, as doing an install without specifically 
> >>>>searching for it and changing it will result in it being enabled.
> >>>>
> >>>>http://isp.webopedia.com/TERM/D/default.html
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>screens without reading them.
> >>>>
> >>>>        
> >>>>
> >But ... SELinux (at least in a mode that does anything) is not set to be
> >enabled by default ... it is in permissive and not enabling.
> >  
> >
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>----
> >>>you are being a bit pedantic here.
> >>>
> >>>Defaults, installation options, etc. are set by upstream provider.
> >>>
> >>>If someone were to simply click-through the install without
> >>>customization, it would indeed be turned on as would a firewall without
> >>>holes and no doubt in that event, said unthinking user would benefit
> >>>      
> >>>
> >>>from both.
> >>    
> >>
> >true
> >  
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >CentOS mailing list
> >CentOS at centos.org
> >http://lists.centos.org/mailman/listinfo/centos
> >  
> >
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20051121/8d914eec/attachment-0005.sig>