What is SELinux targeted policy?
Rodolfo J. Paiz
rpaiz at simpaticus.com
Wed Sep 22 16:33:52 UTC 2004
On Mon, 2004-09-20 at 15:35, Daniel J Walsh wrote:
> When FC2 was released we attempted to add the NSA strict policy to the
> operating system.
Daniel, could you wrap your lines a little shorter? It seems to be set
at nearly 100 characters now.
> We decided at that point to take a step back and go with a strategy
> where we would lock down
> a few daemons with SELinux and allow the rest of the system to run in
> the same manner with
> or without SELinux. Targeted policy was born.
>
Will targeted policy be the default for FC3?
> Strict policy is still available but will be not be installable
> directly, you can use selinux-config-securitylevel to turn it on
> and relabel the file system.
>
Perhaps that might be best changed to "system-config-selinux" for
consistency? I frequently type "system-config-<TAB>" to find useful
sysadmin commands and I'd miss that one without ever knowing.
Cheers,
--
Rodolfo J. Paiz <rpaiz at simpaticus.com>
Simpaticus.com
More information about the fedora-list
mailing list