On Fri, Apr 30, 2004 at 10:02:32AM -0400, Stephen Smalley wrote: > Better to have SELinux enabled > all the time with two different policies that are appropriately tuned to > the needs and desires of differing user communities. I concur with that sentiment, and didn't mean to imply that a relaxed policy is not desirable. Not having to frantically rebuild a server app the moment an exploit is discovered is reason enough to have SELinux confining all network-facing servers. I only wanted to highlight that expectations need to be reset as both the default policy has been loosened, and the relaxed policy will loosen things further. I would hate for it to reflect negatively on SELinux when someone exploits an FC2 default SELinux install; the press will not make fine distinctions, and there will be gloating from other corners. Toward that end, I think it is important that users understand where along the "low-medium-high" spectrum they have set their security. Having SELinux on by default, even with a relatively permissive policy, will (1) ensure that the code is exercised, and (2) force developers, packagers, etc., to think about the required logic, and address any performance problems, so we can get to a more secure default install. Regards, Bill Rugolsky
