What is SELinux targeted policy?
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 22 18:50:52 UTC 2004
Alex Ackerman wrote:
> >-----Original Message-----
> >From: fedora-selinux-list-bounces at redhat.com on behalf of Daniel J Walsh
> >Sent: Mon 9/20/2004 5:35 PM
> >To: For users of Fedora Core releases; Fedora SELinux support list
> for users & developers.; Development discussions related to Fedora Core
> >Subject: What is SELinux targeted policy?
> >Strict policy is still available but will be not be installable
> >directly, you can use selinux-config-securitylevel to turn it on
> >and relabel the file system.
>
> Does this mean the strict policy will not work on a Fedora Core system
> at all or that it will take some customization prior to working
> effectively? Also, are there plans to support te domains for either
> Sendmail or Postfix via the SELinux policy in the near future? What
> about PostgreSQL/MySQL?
>
Yes strict policy will work on Fedora Core. And we are working to make
transitioning from one policy to the other easier.
system-config-securitylevel allows you to transition from one to the
other by building a relabel into the startup scripts.
We would like to add ftp and a mail agent to targeted policy
eventually. We would like to get vsftpd to work like
login in that after the users logs in a new process gets execed under
the users context or Anonymous FTP context.
The problem with mail agents is that alot of them want to touch the
users home directories, and as soon as they do
we get into labeling problems around the users home directory which we
are trying to avoid in targeted policy.
Dan
> Thanks!
> Alex Ackerman
> http://www.darkhonor.com
>
>------------------------------------------------------------------------
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the fedora-selinux-list
mailing list