[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

experimental relaxed policy



Hi,

There has been some work done on a "relaxed" policy.  The intention of
this policy is to simply protect system daemons, and not user logins. 
Right now there is just a policy for apache (which doesn't really work
due to a kernel bug).  Everything else runs in an "unconfined_t" domain,
which essentially has every SELinux permission, and thus you are back to
relying on DAC.

But we'll be working on improving this policy.  Right now the binary
packages are called policy-relaxed and policy-relaxed-sources.  This is
likely to change.

If you want to experiment with this, please see:
http://people.redhat.com/~walters/selinux/

Again, much is likely to change, so you should basically only try this
now if you are willing to help hack on it :)

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]