Re: Expanding the list of "Hardened Packages"

On 13/04/13 11:36 AM, Kevin Kofler wrote:

> And I would argue that this amounts to second-guessing/duplicating what the
> program tries to do in an unmaintainable morass of rules, which even for the
> targeted policy (which is not even close to covering all programs in Fedora
> other than as "unconfined") keeps having bugs which need to be fixed every
> day, even after YEARS of debugging. SELinux just does not scale,

SELinux keeps having bugs *because* they progressively build out the 
policies. The coverage of the -targeted policy is now greater than it 
was a few releases back. If they kept the coverage of the stock policies 
the same over time there would be almost no new bugs, but instead, they 
increase the coverage and hence the security it provides progressively 
with each release. *Some* bugs are associated with files moving or 
program functionality changing or whatever, but most are just the result 
of the policies growing: the 'scaling' that you say isn't working.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel




