On 08/31/2010 02:26 PM, Tim wrote: > On Mon, 2010-08-30 at 22:06 +0100, Alan Cox wrote: >> As to software which demands you disable security, I always apply >> common sense and treat it the same way as if a passing tradesman says >> "can you just leave your door unlocked for the weekend" > > Likewise for people vehemently advocating to disable SELinux, I view > them with a great deal of suspicion. Is it simply they really do not > like it, or do they have ulterior motives? Neither. Initially, when trying to use it, they typically notice something stops working. Then, when trying to make it work, they get lost in arcane and cryptic tools. To utilize Alan's ABS analogy: In most cases, the only UI ABS offers to end-users an on/off switch and "just works". SELinux however forces to fiddle and dig through 100s of knobs and switches. In short: there is nothing fundamentally wrong with SELinux, except that its UIs and GUIs are not end-user-ready and that the Fedora SELinux policy packages suffer from bugs. Ralf -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines