Re: Should selinux be standard?
On Mon, 2008-09-15 at 20:14 +0200, Bastian Blank wrote:
> On Mon, Sep 15, 2008 at 12:52:54PM -0500, Raphael Geissert wrote:
> > Bastian Blank wrote:
> > > Oh yeah. Do you intend to do the support?
> > If it is not very functional by default, or it is but nobody is willing to
> > support it, then it shouldn't be standard; that's the main point.
>
> It changes the traditional behaviour of the system.
>
> Would you really expect that executing a daemon (it was "named" in my
> case) produces a different result than invoke-rc.d $daemon start? This
> cost me over one hour as bind lacks proper error messages in this code
> path. And I heard too much whining by Fedora users on several
> mailing-lists because of problems caused by the targeted selinux policy.
Sorry for that dumb question, but does everyone agrees on what "Enabling
SELinux by default" means ? (is it about selinux=1 or is it enforce=1
too? )
I am not an SELinux expert, but enabling SElinux by default would make
it easier for a user to switch to enforcing mode (no need to relabel, no
need to reboot), but shouldn't break any system (right?).
Also, error messages would be displayed in syslog, and some users would
file appropriate bugs... so squeeze's DI might prompt to enable it.
Franklin
Reply to: