Stephen Smalley wrote:
> So how would people feel about a separate relaxed policy that allows everything in the system to run completely unconfined except for a small set of specific services, e.g. apache, bind, postfix, ...
This sounds like a big change of direction, but I think it would be useful for servers. It would also be a good starting point for people developing their own policies.
It might also be good to introduce SELinux gradually, taking the easy security gains first. It's comparatively easy to isolate things like Apache, so one approach would be to take that improvement while continuing to work on the rest.
Has anyone attempted to add type enforcement to a commercial desktop operating system before? I haven't heard of it being done; as far as I know the various distros' SELinux projects are breaking new ground. That is probably one reason why it is turning up more problems than expected.
Pete