On Fri, 30 Apr 2004 08:34:44 EDT, Stephen Smalley <sds@xxxxxxxxxxxxxx> said:

> So how would people feel about a separate relaxed policy that allows
> everything in the system to run completely unconfined except for a small
> set of specific services, e.g. apache, bind, postfix, ...

> That would ensure that SELinux wouldn't get in the way of users, while
> providing some protection benefit for network-facing services.

Hmm.. that sounds like something that might be a good idea for some environments, but it's not something that I want on my machines. Personally, I *like* the idea that things like Mozilla and my MUA can be confined - my machines are already hardened enough that those two are positively the soft underbelly of the system....