Mike McCarty wrote:
Jim Cornette wrote:
[snip]
SELinux is now active on most computers since it is easier to diagnose
problems, report misbehaving programs in a security sense.
What do you mean by "most computers"? "Most computers running FC6"?
I don't have any FC6 versions left. They are all up to F7. I don't have
SELinux active on the development version.
It would be nice to address the original question, which is
For those of us who prefer not to install or run SELinux, how can
we do that easily without leaving Fedora Core Project?
If you do not use SELinux, you will not know whether it has improved in
manageability and good default policies. I recently started using
SELinux for F7 but before only set it to permissive.
It is better, so the best idea is to not fight so hard to remove it.
Earlier reasons why I only ran permissive instead of enforcing are below.
- It used to mess up package installation with errors in %pre and %post
scriptlets.
- It was too much hassle to set up server programs bcause of it blocking
intended operations.
Both problems seem to be squashed from at least frequency.
You can disable it and remove associated programs if you choose to. I
thought it would be worth mentioning that one who did not find value
with SELinux has converted to preferring SELinux because the SELinux
Troubleshooter informs you of the problem along with good explanations
and corrective actions to allow your system to work as you intend it to
work.
Jim
Mike
