Bug 453343

Summary: Request to re-enable disable selinux option
Product: [Fedora] Fedora Reporter: Jon Masters <jcm>
Component: firstbootAssignee: Chris Lumens <clumens>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-30 13:36:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Masters 2008-06-29 22:18:24 UTC 
Description of problem:

The current default of SELinux being enabled (with no option to disable) is (in
my own personal opinion) unworkable. Fedora lacks automated, graphical tools for
users and administrators to manage simple context changes - for example,
downloading an ISO image, setting up a virtual machine, or copying system
configuration files from /home into /etc. Many of these operations will be
broken by the complexity of the SELinux policy in Fedora, while the user will
have no easy recourse other than filing a bug and waiting for an update.

Rather than forcing users to have SELinux as a means of publicizing the many
positive advantages that it offers, it would be more advantageous to Fedora to
allow users to make choices for themselves - allowing them to disable SELinux on
those systems that do not require it is a prudent and sensible course of action,
until such time as the complete user experience is entirely graphical, well
understood, and easy for large scale end user usage and deployment.
Comment 1 Chris Lumens 2008-06-30 13:36:25 UTC 
The System->Administration->SELinux Management option allows all sorts of
configuration of SELinux and allows users to disable it from an environment in
which they can do some research and figure out exactly what they're doing. 
Within firstboot there's no web browser or anything similar, so the SELinux
combo box doesn't really make a whole lot of sense.  Allowing configuration
after the user has logged in means they can do some research and figure out what
the implications of disabling SELinux are, and can then choose to do so with the
tool on their desktop.