Question about split between delivered and local policy

David Highley dhighley at highley-recommended.com
Thu Jul 9 19:36:21 UTC 2009


Seems with every new version of Fedora there are several modifications
to selinux policy that we need to do. So we're trying to understand where
the split is between creating a bug report and when we need to create
local policy modifications.

For example, email seems to always need selinux policy changes so that
avc's are not blocking spamassassin and pyzor. We did a tar with option
--xattrs on a Fedora 10 system for home directories and were not able 
to restore the tar on a Fedora 11 until we did a policy change. Still
ended up needing to do a restorecon on the home directories.

We wonder if poking these holes in the delivered policies is the correct
fix or are we opening up unnecessary security holes.



