Core 2 SELinux installation
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Apr 30 16:47:56 UTC 2004
On Fri, 30 Apr 2004 08:34:44 EDT, Stephen Smalley <sds at epoch.ncsc.mil> said:
> So how would people feel about a separate relaxed policy that allows
> everything in the system to run completely unconfined except for a small
> set of specific services, e.g. apache, bind, postfix, ...
> That would ensure that SELinux wouldn't get in the way of users, while
> providing some protection benefit for network-facing services.
Hmm.. that sounds like something that might be a good idea for some
environments, but it's not something that I want on my machines.
Personally, I *like* the idea that things like Mozilla and my MUA can
be confined - my machines are already hardened enough that those two
are positively the soft underbelly of the system....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040430/827dbc1d/attachment.sig>
More information about the fedora-selinux-list
mailing list