[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Bug 129584: restrictions on user_t
- From: Russell Coker <russell coker com au>
- To: fedora-selinux-list redhat com, Tom London <selinux gmail com>
- Cc:
- Subject: Re: Bug 129584: restrictions on user_t
- Date: Sun, 19 Sep 2004 20:31:46 +1000
On Thu, 16 Sep 2004 10:09, Tom London <selinux gmail com> wrote:
> I can see this going towards three 'standard' policies: targeted,
> tight and strict
> (where tight is strict with usercanread 'everywhere').
>
> In general, I'm in favor of keeping strict as it is: well defined policies
> for the mandatory access controls that override the discretionary ones.
If you want strict with usercanread everywhere, then you probably want
targetted with more daemons having policy.
The general plan is to add more daemons to the targetted policy, so I think
that long-term anyone who wants what you refer to as "tight" would be best
served by the targetted policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]