Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))

Benjy Grogan benjy.grogan at gmail.com
Fri Feb 24 11:42:45 UTC 2006


On 2/24/06, Ron Yorston <rmy at tigress.co.uk> wrote:
>
> Davide Bolcioni wrote:
> >I think we might be aiming at the wrong target, especially in
> >the case of corporate admins. Target application developers,
> >not admins: applications must work without requiring any modification
> >to the system and adapt accordingly.
>
> Application developers?  What has SELinux policy got to do with
> application developers?
>
> The targeted policy "focuses on locking down specific daemons, especially
> ones vulnerable to attack or to devastating a system if broken or
> compromised".  (From the SELinux FAQ on fedora.redhat.com.)
>
> That's a tiny subset of applications.
>

That was my understanding of SELinux.  You could run a crazy program that
has root privileges, is hackable, has no SELinux policy, and all that effort
was for naught.

Benji