On Fri, Feb 24, 2006 at 12:45:17 +0100, Ralf Ertzinger <fedora@xxxxxxxxxxxxxx> wrote:
> Hi.
>
> On Fri, 24 Feb 2006 06:42:45 -0500, Benjy Grogan wrote:
>
> > That was my understanding of SELinux. You could run a crazy program
> > that has root privileges, is hackable, has no SELinux policy, and all
> > that effort was for nigh.
>
> I think this is a question of policy. The "targeted" policy does
> what you describe, it just confines specific applications. You are
> free to use the reverse approach, though.

And 'targeted' still buys you a lot. Not all programs are used the same way, and some will be a lot more likely to be a way in to your system than others.

For 'targeted', Internet-facing daemons have had restrictive policies written for them. These are one set of high-risk programs.

Another set, that I don't believe has gotten much coverage, are end-user programs used to view data that typically comes from outside sources. This should include such things as web browsers, mail clients, editors, PDF viewers, and music and/or video players.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list