[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))





On 2/24/06, Ron Yorston <rmy tigress co uk> wrote:
Davide Bolcioni wrote:
>I think we might be aiming at the wrong target, especially in
>the case of corporate admins. Target application developers,
>not admins: applications must work without requiring any modification
>to the system and adapt accordingly.

Application developers?  What has SELinux policy got to do with application
developers?

The targeted policy "focuses on locking down specific daemons, especially
ones vulnerable to attack or to devastating a system if broken or
compromised".  (From the SELinux FAQ on fedora.redhat.com.)

That's a tiny subset of applications.

That was my understanding of SELinux.  You could run a crazy program that has root privileges, is hackable, has no SELinux policy, and all that effort was for nigh. 

Benji

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]