Red Hat Bugzilla – Bug 453343
Request to re-enable disable selinux option
Last modified: 2008-06-30 09:36:25 EDT
Description of problem:
The current default of SELinux being enabled (with no option to disable) is (in
my own personal opinion) unworkable. Fedora lacks automated, graphical tools for
users and administrators to manage simple context changes - for example,
downloading an ISO image, setting up a virtual machine, or copying system
configuration files from /home into /etc. Many of these operations will be
broken by the complexity of the SELinux policy in Fedora, while the user will
have no easy recourse other than filing a bug and waiting for an update.
Rather than forcing users to have SELinux as a means of publicizing the many
positive advantages that it offers, it would be more advantageous to Fedora to
allow users to make choices for themselves - allowing them to disable SELinux on
those systems that do not require it is a prudent and sensible course of action,
until such time as the complete user experience is entirely graphical, well
understood, and easy for large scale end user usage and deployment.
The System->Administration->SELinux Management option allows all sorts of
configuration of SELinux and allows users to disable it from an environment in
which they can do some research and figure out exactly what they're doing.
Within firstboot there's no web browser or anything similar, so the SELinux
combo box doesn't really make a whole lot of sense. Allowing configuration
after the user has logged in means they can do some research and figure out what
the implications of disabling SELinux are, and can then choose to do so with the
tool on their desktop.