[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best (BUT WHY) get rid of SELinux?



On Thu, Sep 27, 2007 at 00:12:12 -0400,
  Ric Moore <wayward4now gmail com> wrote:
> 
> NOW you've got my attention. I actually need something just like that.
> As a matter of fact, if you could REALLY lock down the front porch,
> restricting service to just your subnets, and a local DNS server, you
> wouldn't need the guards inside to be set strict? As much? Tell me about
> this... inquiring minds want to know. What's the real deal? Ric

I have just seen discussions for patches dealing with this on the selinux list.
I don't know what exactly the final plan is supposed to be. I believe you are
supposed to be able to attach context to packets based on host and port
information. This allows you to at least label packets based on address and
port information reliably (as much as you can trust the ipsec signatures). I
don't know if the sender of a packet will be able to attach context to packets
that the recipient can use.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]