On Fri, 2004-04-30 at 08:34 -0400, Stephen Smalley wrote: > So how would people feel about a separate relaxed policy that allows > everything in the system to run completely unconfined except for a small > set of specific services, e.g. apache, bind, postfix, ... > That would ensure that SELinux wouldn't get in the way of users, while > providing some protection benefit for network-facing services. I think (consistent with my view a few months ago :-) that this is a very good idea. At the same time, it's something that's clearly not realistic to target for FC2 since the last test release just went out and so it'd be going out with very little testing. Jeremy
