[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: experimental relaxed policy

From: Thomas Molina <tmolina cablespeed com>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Re: experimental relaxed policy
Date: Mon, 3 May 2004 05:44:34 -0400 (EDT)

On Sun, 2 May 2004, Colin Walters wrote:

> Hi,
> 
> There has been some work done on a "relaxed" policy.  The intention of
> this policy is to simply protect system daemons, and not user logins. 
> Right now there is just a policy for apache (which doesn't really work
> due to a kernel bug).  Everything else runs in an "unconfined_t" domain,
> which essentially has every SELinux permission, and thus you are back to
> relying on DAC.

This sounds like a regression to me.  Is this going to be instead of 
further development of the strict policy, or in addition to it?

Follow-Ups:
- Re: experimental relaxed policy
  - From: Daniel J Walsh

References:
- experimental relaxed policy
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]