Fedora Core 4
Stephen Smalley
sds at epoch.ncsc.mil
Tue Jan 18 12:24:29 UTC 2005
On Mon, 2005-01-17 at 09:56, Sean Middleditch wrote:
> I never said SELinux is easy to configure. I just stated how it works.
> It's actually essential that restorecon resets all files, according to
> the SELinux experts I last spoke with, since that means that an "SELinux
> security expert" (i.e. a relatively small handful of SELinux developers)
> can look in one place to check the available flow of information and
> privileges in the system; if you could change individual files then
> you'd really have no way to know what files had what contexts without
> expensive whole-system searches. (Granted, I think then that the file-
> systems people use should be "fixed" to make it not-so-expensive and to
> get rid of duality and complexity in SELinux configuration, but that's
> of course not technically feasible for Red Hat to pull off in FC4.)
Please don't mis-represent what others say. You don't seem to
understand SELinux very well at all...
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-devel-list
mailing list