Perhaps is not working because most of the new policy are deployed in enforcing mode and not in permissive ? But permissive not was born exactly for this ? Best 2013/4/23, Kevin Kofler <kevin.kofler@xxxxxxxxx>: > Adam Williamson wrote: >> SELinux keeps having bugs *because* they progressively build out the >> policies. The coverage of the -targeted policy is now greater than it >> was a few releases back. If they kept the coverage of the stock policies >> the same over time there would be almost no new bugs, but instead, they >> increase the coverage and hence the security it provides progressively >> with each release. *Some* bugs are associated with files moving or >> program functionality changing or whatever, but most are just the result >> of the policies growing: the 'scaling' that you say isn't working. > > It isn't working because it's adding hundreds of new policy bugs in every > new Fedora release. And coverage is still VERY far from 100% of Fedora. > > Kevin Kofler > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel -- Inviato dal mio dispositivo mobile -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
