[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Override changes standard -> optional

Steve Langasek wrote:
>> selinux-policy-default
> I think this needs to be at Priority: standard as a necessary step in
> SELinux bootstrapping, but I realize this is contentious.

Not really. SELinux is not even close to functional after a standard 
installation. For one thing, it gets installed *after* the initrd gets 
generated and the initrd does not get regenerated, so the admin has to do 
that manually after rebooting into the installed system.

There's also some manual tuning of the system required (documented in the 
wiki) to avoid a number of issues.

Conclusion is that as a number of manual steps is needed anyway to get 
SELinux working, there is currently no benefit in having it installed by 
default. And there are various disadvantages, as discussed on this list 
last September [1].


[1] <20080914090810.GA7965@deprecation.cyrius.com>

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: