On Fri, 2004-04-30 at 13:34, Stephen Smalley wrote: > So how would people feel about a separate relaxed policy that allows > everything in the system to run completely unconfined except for a small > set of specific services, e.g. apache, bind, postfix, ... > That would ensure that SELinux wouldn't get in the way of users, while > providing some protection benefit for network-facing services. I think that would be very worthwhile, and would probably speed uptake of SELinux on Fedora. I for one would happily switch that on asap and then gradually move to something more secure when it was much more polished. Cheers, Martin.
