[redhat-lspp] Xinetd patch
Steve Grubb
sgrubb at redhat.com
Thu Sep 29 13:55:59 UTC 2005
On Thursday 29 September 2005 09:41, Joe Nall wrote:
> If you have a system with hundreds of compartments and their
> permutations (for example an inverse bit for each country), the
> configuration overhead of this approach is prohibitive.
I think we could allow a range of compartments so that each one is not
required. We could also allow an option that means match any context. But
generally for anything like this in xinetd, we've tried to give the admin the
hooks to restrict connections if they choose to.
If you allow xinetd to start services at any level/compartment, xinetd is
basically unconfined.
-Steve
More information about the redhat-lspp
mailing list