On Tue, 2007-05-22 at 12:52 -0400, Daniel J Walsh wrote: > If it runs as root, it should drop capabilities that it does not need, > and it should have an SELinux policy to confine it. Of course if it > runs as non-root, it should have an SELinux policy to confine it. > > These are shoulds not musts. Dan, is there a simple guide for packagers on how to make SELinux policy for these cases? Also, is it possible to package policy as part of an application, or do changes still need to go in the master policy package? ~spot -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
