Re: SOT: virtualization

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Technomage
Date:  
To: Main PLUG discussion list
Subject: Re: SOT: virtualization
Craig White wrote:
> On Tue, 2009-12-15 at 18:46 -0700, Technomage wrote:
>
>> Fedora: forces you to run SELINUX regardless of whether you need it or
>> not
>>
> ----
> this is simply wrong.
>
> On Fedora 12 (the latest version released a few weeks ago)...
>

I was running fedora 11 and even with the settings as listed below, it
was still attempting to run.
also, its settings manager was rather a bit less intuitive than I would
have liked (not very
blind friendly).

> # head -n 5 /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #       enforcing - SELinux security policy is enforced.
> #       permissive - SELinux prints warnings instead of enforcing.
> #       disabled - SELinux is fully disabled.

>
> if however you had the slightest bit of understanding of SELinux, you
> would have known that on any system, you can append 'setenforce 0' to
> the kernel boot parameters to disable SELinux at startup.
>
>

as a desktop user, I am not required to have an understanding of an
enterprise class security tool.
I personally think that its rather unnecessary to have running (let
alone installed). For the application
that I had tasked the machine, it was downright intrusive in allowing my
to operate the machine.

> Even still, you could build your own kernel and not enable SELinux.
>
>

I had not gotten that far and considering the use to which I was going
to put the box,
the effort of building a kernal would have not been worth the expended time.
> I am quite sure that 'forcing' a user to run SELinux on Fedora has never
> even been discussed by serious people. You can permanently disable it on
> 'first boot' which is where you configure things like networking, users,
> startup services, firewall and of course, security.
>

unfortunately, the install routine for FC-11 didn't give me that option
(and the install gui is not the most
blind/VI friendly)
> As for your assertion that Fedora has 'dependency' issues... I simply do
> not ever have dependency issues with Fedora but if your analysis of
> dependencies is similar to your analysis of them 'forcing' users to run
> SELinux, then I would accept that you have had your share of problems.
>
> Craig
>

heheh. yeah....my analysis isn't anywhere near a professional one. its
taken from the POV of an end user
that simply wants a system that "just works" without a lot of hassle and
deep level configuration. I can do
a lot of this work, but some of the people I help out cannot (for
various reasons) and it starts soaking a
non-trivial amount of my time to deal with these issues. At least with
debian 5, I can install a base level system,
then install X and lastly the DM of my choice (kde, xfce, openstep,
whatever) and not have to gut the system
to do it.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss