> Not an answer to your question but there's an interesting discussion on > AppArmor and SELinux in Dan Walsh's blog: > > http://danwalsh.livejournal.com/424.html maybe it's time to accept that SELinux as technology is doomed. Not because the code is bad, but because it's Just Too Complex(tm). Complexity kills, and I think the time it is taking to get to the point where at least less than 99% of the people turns selinux off first thing is waay too long already. Maybe it's a matter of focus; sometimes I get the impression the focus is to give more coverage rather than to get the existing coverage to the point where people use it... but maybe the later is just so much work and so time consuming that it takes more time to get it than it takes the codebase to change again. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
