Another selinux rant

Tom Lane tgl at redhat.com
Sat Jan 5 06:50:16 UTC 2008


Ralf Corsepius <rc040203 at freenet.de> writes:
> * Is it appropriate to inform arbitrary ordinary users about SELinux
> issues?

That's a real good point, as are the others made in this thread.
I think the bottom line here is that we are still working to get the
selinux policies to the point where they work 99% for 99% of users.
Once we're there we should switch over to operating behaviors that
assume that most violations represent real security problems --- but
for now I don't think we are there yet.  What the current behaviors
need to do is to encourage people to report results, so that we can
collect more data about real vs phony violations.

			regards, tom lane




More information about the fedora-devel-list mailing list