Tom Horsley wrote:
On Thu, 28 Jun 2007 20:43:54 -0400
Jim Cornette <fc-cornette@xxxxxxxxxxxxxx> wrote:
You can disable it and remove associated programs if you choose to. I
thought it would be worth mentioning that one who did not find value
with SELinux has converted to preferring SELinux because the SELinux
Troubleshooter informs you of the problem along with good explanations
and corrective actions to allow your system to work as you intend it to
work.
Oh goody! Now it comes with a useful tool that explains exactly
why it is being a pain in the ass :-).
Its not a pain at all if I disable it.
According to some, it consumes too much because of updates whether it is
active or not. It does not matter to me whether people run with it
enabled or not.
With the new user tools you can set it up easier and it no longer gets
in the way for your intended operation. Other elements which do get by
with conventional security programs like people trying to run elements
under /proc are flagged and prevented.
Also, while I was addressing the need for adjustments to SELinux, I
changed some aspects of other programs to make them more secure.
(Limiting external users and whether they have a shell for the account)
Since I did not use SELinux in active mode prior to F7 substantially, it
does not surprise me much that others still would find relatively easy
adjustments to SELinux to still be a bother.
Maybe F8 will be automagic enough for you to use. (?)
Jim
