experimental relaxed policy
Colin Walters
walters at redhat.com
Sun May 2 22:49:11 UTC 2004
Hi,
There has been some work done on a "relaxed" policy. The intention of
this policy is to simply protect system daemons, and not user logins.
Right now there is just a policy for apache (which doesn't really work
due to a kernel bug). Everything else runs in an "unconfined_t" domain,
which essentially has every SELinux permission, and thus you are back to
relying on DAC.
But we'll be working on improving this policy. Right now the binary
packages are called policy-relaxed and policy-relaxed-sources. This is
likely to change.
If you want to experiment with this, please see:
http://people.redhat.com/~walters/selinux/
Again, much is likely to change, so you should basically only try this
now if you are willing to help hack on it :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040502/3cce48f8/attachment.sig>
More information about the fedora-selinux-list
mailing list