Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))

Ivan Gyurdiev ivg2 at cornell.edu
Fri Feb 24 12:14:43 UTC 2006


> Application developers?  What has SELinux policy got to do with application
> developers?
>   
It has everything to do with application developers. 
The person that knows most about an application can write the best 
policy, which describes best what that application does, so that the 
application can work in a safe and controlled manner, without generating 
denials.
> The targeted policy "focuses on locking down specific daemons, especially
> ones vulnerable to attack or to devastating a system if broken or
> compromised".  (From the SELinux FAQ on fedora.redhat.com.)
>
> That's a tiny subset of applications.
>   
Surely you've noticed how the number of those targets keep increasing 
with every release.
They're all migrating over from strict policy.

Anyway, the fact that it's a tiny subset of applications doesn't mean 
that it wouldn't be helpful to get developer review of the policy, and 
participation/patches.




More information about the fedora-devel-list mailing list