Core 2 SELinux installation
Jeremy Katz
katzj at redhat.com
Fri Apr 30 13:24:31 UTC 2004
On Fri, 2004-04-30 at 08:34 -0400, Stephen Smalley wrote:
> So how would people feel about a separate relaxed policy that allows
> everything in the system to run completely unconfined except for a small
> set of specific services, e.g. apache, bind, postfix, ...
> That would ensure that SELinux wouldn't get in the way of users, while
> providing some protection benefit for network-facing services.
I think (consistent with my view a few months ago :-) that this is a
very good idea. At the same time, it's something that's clearly not
realistic to target for FC2 since the last test release just went out
and so it'd be going out with very little testing.
Jeremy
More information about the fedora-selinux-list
mailing list