experimental relaxed policy

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon May 3 23:22:56 UTC 2004


On Mon, 03 May 2004 18:16:57 EDT, Thomas Molina <tmolina at cablespeed.com>  said:

> I am apparently not expressing myself well.  My point is that if we are 
> relaxing policy to the point where you are relying on DAC, what is the 
> point?  I want to test strict policy on those things where it most makes a 
> difference.  In that vein, sendmail and bind are two which have 
> historically had a lot of problems.  I would think those would be 
> candidates for stricter policy, not more permissive.

I think the intent was "these 5 will be subject to strict policy, but we won't
worry about *other* stuff, which will be more relaxed".

So it isn't that sendmail and bind would be less relaxed, it would be things
like 'hwclock' and 'ping' that would have the relaxed policy.

So instead of 460 .te files (like policy-sources-1.11.2-18 has), we'd trim it down
to the "top 10" and then one catch-all policy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040503/70367031/attachment.sig>


More information about the fedora-selinux-list mailing list