[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora Core 4

From: Stephen Smalley <sds epoch ncsc mil>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: Fedora Core 4
Date: Tue, 18 Jan 2005 07:24:29 -0500

On Mon, 2005-01-17 at 09:56, Sean Middleditch wrote:
> I never said SELinux is easy to configure.  I just stated how it works.
> It's actually essential that restorecon resets all files, according to
> the SELinux experts I last spoke with, since that means that an "SELinux
> security expert" (i.e. a relatively small handful of SELinux developers)
> can look in one place to check the available flow of information and
> privileges in the system; if you could change individual files then
> you'd really have no way to know what files had what contexts without
> expensive whole-system searches.  (Granted, I think then that the file-
> systems people use should be "fixed" to make it not-so-expensive and to
> get rid of duality and complexity in SELinux configuration, but that's
> of course not technically feasible for Red Hat to pull off in FC4.)

Please don't mis-represent what others say.  You don't seem to
understand SELinux very well at all...

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

References:
- Fedora Core 4
  - From: Bill Nottingham
- Re: Fedora Core 4
  - From: Rahul Sundaram
- Re: Fedora Core 4
  - From: Sean Middleditch
- Re: Fedora Core 4
  - From: Karsten Wade
- Re: Fedora Core 4
  - From: Sean Middleditch
- Re: Fedora Core 4
  - From: Chris Adams
- Re: Fedora Core 4
  - From: Sean Middleditch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]