Core 2 SELinux installation

Stephen Smalley sds at epoch.ncsc.mil
Fri Apr 30 12:34:44 UTC 2004

On Fri, 2004-04-30 at 05:40, Pete Chown wrote:
> I think this is especially true for a new security technology.  Most
> people's view of security is quite simplistic: they want the bad guys
> kept out, without their work being interfered with.  If SELinux
> interferes with their work, they will turn it off, reasoning that normal
> Unix security has kept the bad guys out so far.  They are then unlikely
> to try it again later however much people tell them that the policy has
> been improved.

So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency

More information about the fedora-selinux-list mailing list