[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Core 2 SELinux installation



On Fri, Apr 30, 2004 at 10:03:51AM -0400, Stephen Smalley wrote:
> On Fri, 2004-04-30 at 09:24, Jeremy Katz wrote:
> > I think (consistent with my view a few months ago :-) that this is a
> > very good idea.  At the same time, it's something that's clearly not
> > realistic to target for FC2 since the last test release just went out
> > and so it'd be going out with very little testing.
> 
> That's fine; it can always be introduced post-FC2.  It matters little
> for FC2 given that SELinux will be disabled by default for it anyway.

Yes a small focused policy is a good thing and much better than
apparently inviting people to boot with SELinux off.

This would keep the security checking code paths active, but with a
minimum list of things to check the impact would be minimized.  This
includes syslog noise as well.

A minimized policy would remove much demand to remove or hobble the
kernel side mechanism and minimize any divergence that developers
might wish to introduce.

I happen to like the current effort to "classify everything" but this
is a big task.  Since not all packages that folks like to use pass
through RH hands the task is almost unbounded.


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]