[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux should be off by default in FC3



On Thu, 2004-10-07 at 13:11, Arjan van de Ven wrote:
> while that is true it sure should be possible to have a policy that can
> be used by default and doesn't change existing "this works" practice.
> Even if that policy allows a bit more than you would want.

Hmmm...well, what I heard one person say was "apache can read everything
the customer can write" (and possibly worse, it may have been "apache
can read or write or execute anything the customer can write").  You can
certainly adjust the apache policy to fit that model, but I doubt you
want it as the default.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]