On Mon, 2005-01-17 at 09:56, Sean Middleditch wrote: > I never said SELinux is easy to configure. I just stated how it works. > It's actually essential that restorecon resets all files, according to > the SELinux experts I last spoke with, since that means that an "SELinux > security expert" (i.e. a relatively small handful of SELinux developers) > can look in one place to check the available flow of information and > privileges in the system; if you could change individual files then > you'd really have no way to know what files had what contexts without > expensive whole-system searches. (Granted, I think then that the file- > systems people use should be "fixed" to make it not-so-expensive and to > get rid of duality and complexity in SELinux configuration, but that's > of course not technically feasible for Red Hat to pull off in FC4.) Please don't mis-represent what others say. You don't seem to understand SELinux very well at all... -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
