Policy about network-listening daemons running as root?

Tom "spot" Callaway tcallawa at redhat.com
Tue May 22 16:53:07 UTC 2007


On Tue, 2007-05-22 at 12:52 -0400, Daniel J Walsh wrote:

> If it runs as root, it should drop capabilities that it does not need, 
> and it should have an SELinux policy to confine it.  Of course if it 
> runs as non-root, it should have an SELinux policy to confine it.
> 
> These are shoulds not musts.

Dan, is there a simple guide for packagers on how to make SELinux policy
for these cases?

Also, is it possible to package policy as part of an application, or do
changes still need to go in the master policy package?

~spot

More information about the Fedora-maintainers mailing list