Bug 453343 - Request to re-enable disable selinux option
Request to re-enable disable selinux option
Product: Fedora
Classification: Fedora
Component: firstboot (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Chris Lumens
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-29 18:18 EDT by Jon Masters
Modified: 2008-06-30 09:36 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-30 09:36:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jon Masters 2008-06-29 18:18:24 EDT
Description of problem:

The current default of SELinux being enabled (with no option to disable) is (in
my own personal opinion) unworkable. Fedora lacks automated, graphical tools for
users and administrators to manage simple context changes - for example,
downloading an ISO image, setting up a virtual machine, or copying system
configuration files from /home into /etc. Many of these operations will be
broken by the complexity of the SELinux policy in Fedora, while the user will
have no easy recourse other than filing a bug and waiting for an update.

Rather than forcing users to have SELinux as a means of publicizing the many
positive advantages that it offers, it would be more advantageous to Fedora to
allow users to make choices for themselves - allowing them to disable SELinux on
those systems that do not require it is a prudent and sensible course of action,
until such time as the complete user experience is entirely graphical, well
understood, and easy for large scale end user usage and deployment.
Comment 1 Chris Lumens 2008-06-30 09:36:25 EDT
The System->Administration->SELinux Management option allows all sorts of
configuration of SELinux and allows users to disable it from an environment in
which they can do some research and figure out exactly what they're doing. 
Within firstboot there's no web browser or anything similar, so the SELinux
combo box doesn't really make a whole lot of sense.  Allowing configuration
after the user has logged in means they can do some research and figure out what
the implications of disabling SELinux are, and can then choose to do so with the
tool on their desktop.

Note You need to log in before you can comment on or make changes to this bug.