SELinux last straw

Andy Green andy at warmcat.com
Wed Oct 17 20:26:23 UTC 2007


Somebody in the thread at some point said:
> On 10/17/07, Andy Green <andy at warmcat.com> wrote:
>> Somebody in the thread at some point said:
>>
>>>>> Regardless, you should have a way to check and fix it, unless what you
>>>>> are running is unimportant and you can abandon it.
>>>> Maybe a mode that blocks the process until you yea or nay it could be
>>>> interesting.
>>>
>>> So basically Windows Vista for Linux? Cancel or Allow?
>> LOL doesn't sound so good like that.
>>
>> Maybe instead there's a way to make a local rule to allow a particular
>> process, Les' critical process, and its children to basically run in
>> permissive, while everything else stays enforced.
> 
> 
> Well, in targeted mode SELinux only checks... targeted applications.
> So it won't play with your critical process unless there's been a rule
> made for it. I do believe that specific rules can be disabled, however.

You're right again, but Les' proposed critical application might spawn
targeted applications just to spite us all and thereby fail anyway.

-Andy



