using selinux to control user access to files

Hein Coulier hein.coulier at infoco.be
Tue May 10 09:01:29 UTC 2005


I based my concern on
http://www.redhat.com/magazine/006apr05/features/selinux/
and on the fact that targeted was still the default in Red Hat 5.

Don't get me wrong: I understand why Red Hat shouldn't be eager to support
strict policies.  I also don't expect the problems to be generated by
Red Hat, but by my 3rd party products: what if WebSphere (and our internet
shop) stops running, or all our Oracle databases in our 250 retail shops?
Even with support, damage in $ would be too big.

I hope that in a few years, Linux will become like a mainframe with default
security, and that it will be evident to all vendors that it's their
duty to provide the necessary rules to protect and keep their systems and
data available.

Best solution for me would be that RBAC on userbase could be made available
in targeted policy.

I think you're all doing a great job, and I still believe SELinux is the
future.  Keep up the good work.

hein

> We are moving targeted policy to cover all non-userspace processes in
> the future, (RHEL5).  I am not sure what you mean by unsupported.  If you
> have layered products providing their own policy, that will be supported.
> The thing that is not supported, except through Professional Services, is
> picking and choosing which policy you will be running and modifying the
> existing targeted policy.  If you modify existing policy so that it breaks
> the machine, Red Hat Support is going to have a difficult time diagnosing
> the problem.  We just want to avoid that.




More information about the fedora-selinux-list mailing list