On 5/11/2013 7:12 AM, Connie Sieh wrote:
> On Mon, 4 Nov 2013, Stephan Wiesand wrote:
> 
>> I'd like to humbly express my disapproval of habitually placing each
>> and every SELinux policy "enhancement" in the security tree. These
>> updates are rather expensive in terms of system resources, likely to
>> aid a very very small percentage of SL users only (who could just as
>> well get them from fastbugs if they're even aware of an issue
>> addressed), and have a significant potential of breaking things for
>> all the others.
>>
>> And there's at least one clear mistake in the change note, and two
>> places making me wonder whether they're correct, and all three
>> paragraphs fail to make it clear to me what actual problem is solved
>> by deploying this update. None of this makes me quite confident in the
>> QA process this change went through. Which is why I'd much rather
>> deploy it only in the course of a minor release update, or if there'd
>> be a security flaw fixed, or if I knew it fixes a bug actually biting me.
>>
> 
>> Am I the only one feeling that way?
> 
> Lets start a discussion on this.

Do many people use SELinux in the enforcing mode?

While I'm a bit old school, I don't know many people who even have
SELinux in permissive mode - let alone enforcing...

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299