using selinux to control user access to files

Hein Coulier hein.coulier at infoco.be
Mon May 9 14:30:43 UTC 2005


>
> Yes, if you want to have user roles and domains, you need strict policy.
> targeted policy lacks the infrastructure for user roles and domains; it
> only knows about daemons.
>
>
> Ah, unfortunately RHEL4 didn't ship with a strict policy included.
> You can take it up with your Red Hat support person, or grab the
> selinux-policy-strict* packages from Fedora Core (in the latter case,
> you will likely want to also upgrade your other SELinux-related
> packages, e.g. libsepol, libsepol-devel, libselinux, libselinux-devel,
> checkpolicy, policycoreutils, setools, setools-gui).
>

That is a bummer !  I read that redhat (even in rhel5) is not supporting the
strict policy.  Since we're running a lot of 3rd party products (oracle,
websphere, openview, controlm, ...) , i doubt that managment will be willing
to take the risk of running unsupported.

I'll have to address my supperiors, but i fear it might be over-and-out for
selinux.

Neverrtheless, thanks for the support and your time !




More information about the fedora-selinux-list mailing list