load_policy in chroot question
Bob Kashani
bobk at ocf.berkeley.edu
Mon Jan 10 03:33:57 UTC 2005
On Sun, 2005-01-09 at 01:20 -0500, Valdis.Kletnieks at vt.edu wrote:
> I notice yours is flagged as 'unconfined_t', which smells a lot like running
> the targeted policy. The design point for that policy is "constrain certain
> daemons, but assume that users are in general trusted and know what they're doing".
> As such, it's assuming that if you're loading the policy from a chroot that
> you know what you're doing and should be allowed to do so. If that doesn't
> describe how you want things to work, maybe you should be running 'strict'
> instead of 'targeted'?
I actually like the flexibility of targeted and I tried strict yesterday
and it causes my system to hang. When I do get the chance I will play
around with strict though.
Bob
--
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
More information about the fedora-selinux-list
mailing list