Re: No more selinux-policy-*-sources

From: Olivier Galibert
Date: Wed, 15 Mar 2006 15:34:24 +0100

On Tue, Mar 14, 2006 at 02:25:04PM -0500, Ivan Gyurdiev wrote:
> >The selinux cra^Wlabels should have been taken into account in
> >cp/tar/rsync and other applications that copy executables before
> >  
> cp has supported selinux for quite some time now.

What in my sentence made you think this was an "or"?

> As far as recovering from disaster is concerned... there's the option of 
> turning selinux off, or enabling it in permissive mode via kernel 
> parameters, therefore selinux issues are never fatal if you know the 
> right options (enforcing=0, or selinux=0).

And once a sysadmin has had to turn selinux off temporarily to be able
to use his computer again, what do you think are the odds for his next
action to be turning it off definitively?

Guys, as long as the failure mode for a simple and somewhat invisible
problem (lost labels) which isn't a hardware failure is to make a
system totally unusable, selinux is too dangerous to be used.


