experimental relaxed policy
Thomas Molina
tmolina at cablespeed.com
Mon May 3 09:44:34 UTC 2004
On Sun, 2 May 2004, Colin Walters wrote:
> Hi,
>
> There has been some work done on a "relaxed" policy. The intention of
> this policy is to simply protect system daemons, and not user logins.
> Right now there is just a policy for apache (which doesn't really work
> due to a kernel bug). Everything else runs in an "unconfined_t" domain,
> which essentially has every SELinux permission, and thus you are back to
> relying on DAC.
This sounds like a regression to me. Is this going to be instead of
further development of the strict policy, or in addition to it?
More information about the fedora-selinux-list
mailing list