What is SELinux targeted policy?
Russell Coker
russell at coker.com.au
Fri Sep 24 12:58:30 UTC 2004
On Thu, 23 Sep 2004 04:33, "Alex Ackerman" <alex at darkhonor.com> wrote:
> Does this mean the strict policy will not work on a Fedora Core system at
> all or that it will take some customization prior to working effectively?
> Also, are there plans to support te domains for either Sendmail or Postfix
> via the SELinux policy in the near future? What about PostgreSQL/MySQL?
The strict policy works well for reasonably default configurations. On all
the machines I use seriously (IE not test machines) I run the strict policy.
It's been working well for me for years.
But using strict policy requires that you know how to write policy if you want
to go too far from the defaults, if this is a problem for you then you want
the targeted policy.
We plan to continue slowly adding domains to the targeted policy. Sendmail,
Postfix, PostgreSQL and MySQL are all good candidates for that.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list