experimental relaxed policy

Thomas Molina tmolina at cablespeed.com
Mon May 3 09:44:34 UTC 2004


On Sun, 2 May 2004, Colin Walters wrote:

> Hi,
> 
> There has been some work done on a "relaxed" policy.  The intention of
> this policy is to simply protect system daemons, and not user logins. 
> Right now there is just a policy for apache (which doesn't really work
> due to a kernel bug).  Everything else runs in an "unconfined_t" domain,
> which essentially has every SELinux permission, and thus you are back to
> relying on DAC.

This sounds like a regression to me.  Is this going to be instead of 
further development of the strict policy, or in addition to it?  



More information about the fedora-selinux-list mailing list