[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Core 2 SELinux installation
- From: Stephen Smalley <sds epoch ncsc mil>
- To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
- Subject: Re: Core 2 SELinux installation
- Date: Fri, 30 Apr 2004 08:34:44 -0400
On Fri, 2004-04-30 at 05:40, Pete Chown wrote:
> I think this is especially true for a new security technology. Most
> people's view of security is quite simplistic: they want the bad guys
> kept out, without their work being interfered with. If SELinux
> interferes with their work, they will turn it off, reasoning that normal
> Unix security has kept the bad guys out so far. They are then unlikely
> to try it again later however much people tell them that the policy has
> been improved.
So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.
--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]