Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))
Ivan Gyurdiev
ivg2 at cornell.edu
Fri Feb 24 12:14:43 UTC 2006
> Application developers? What has SELinux policy got to do with application
> developers?
>
It has everything to do with application developers.
The person that knows most about an application can write the best
policy, which describes best what that application does, so that the
application can work in a safe and controlled manner, without generating
denials.
> The targeted policy "focuses on locking down specific daemons, especially
> ones vulnerable to attack or to devastating a system if broken or
> compromised". (From the SELinux FAQ on fedora.redhat.com.)
>
> That's a tiny subset of applications.
>
Surely you've noticed how the number of those targets keep increasing
with every release.
They're all migrating over from strict policy.
Anyway, the fact that it's a tiny subset of applications doesn't mean
that it wouldn't be helpful to get developer review of the policy, and
participation/patches.
More information about the fedora-devel-list
mailing list