Craig White wrote: > On Tue, 2009-12-15 at 18:46 -0700, Technomage wrote: > >> Fedora: forces you to run SELINUX regardless of whether you need it or >> not >> > ---- > this is simply wrong. > > On Fedora 12 (the latest version released a few weeks ago)... > I was running fedora 11 and even with the settings as listed below, it was still attempting to run. also, its settings manager was rather a bit less intuitive than I would have liked (not very blind friendly). > # head -n 5 /etc/selinux/config > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - SELinux is fully disabled. > > if however you had the slightest bit of understanding of SELinux, you > would have known that on any system, you can append 'setenforce 0' to > the kernel boot parameters to disable SELinux at startup. > > as a desktop user, I am not required to have an understanding of an enterprise class security tool. I personally think that its rather unnecessary to have running (let alone installed). For the application that I had tasked the machine, it was downright intrusive in allowing my to operate the machine. > Even still, you could build your own kernel and not enable SELinux. > > I had not gotten that far and considering the use to which I was going to put the box, the effort of building a kernal would have not been worth the expended time. > I am quite sure that 'forcing' a user to run SELinux on Fedora has never > even been discussed by serious people. You can permanently disable it on > 'first boot' which is where you configure things like networking, users, > startup services, firewall and of course, security. > unfortunately, the install routine for FC-11 didn't give me that option (and the install gui is not the most blind/VI friendly) > As for your assertion that Fedora has 'dependency' issues... I simply do > not ever have dependency issues with Fedora but if your analysis of > dependencies is similar to your analysis of them 'forcing' users to run > SELinux, then I would accept that you have had your share of problems. > > Craig > heheh. yeah....my analysis isn't anywhere near a professional one. its taken from the POV of an end user that simply wants a system that "just works" without a lot of hassle and deep level configuration. I can do a lot of this work, but some of the people I help out cannot (for various reasons) and it starts soaking a non-trivial amount of my time to deal with these issues. At least with debian 5, I can install a base level system, then install X and lastly the DM of my choice (kde, xfce, openstep, whatever) and not have to gut the system to do it. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss