[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: experimental relaxed policy



On Sun, 2 May 2004, Colin Walters wrote:

> Hi,
> 
> There has been some work done on a "relaxed" policy.  The intention of
> this policy is to simply protect system daemons, and not user logins. 
> Right now there is just a policy for apache (which doesn't really work
> due to a kernel bug).  Everything else runs in an "unconfined_t" domain,
> which essentially has every SELinux permission, and thus you are back to
> relying on DAC.

This sounds like a regression to me.  Is this going to be instead of 
further development of the strict policy, or in addition to it?  

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]