periodic policy audits
Stephen Smalley
sds at tycho.nsa.gov
Fri Feb 22 14:47:41 UTC 2008
On Thu, 2008-02-21 at 18:28 -0500, Bill Nottingham wrote:
> Again, looking through the policy I see sections for policy
> to confine cardmgr, /etc/hotplug scripts, updfstab, etc. Do
> we do any routine policy updates to purge obsolete policy?
>
> If not, should we?
(these questions really belong over on selinux list)
I think part of the problem is that upstream policy needs to retain the
ability to be used on existing releases, all the way back to RHEL4,
although it does have ifdefs for that kind of thing.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list