experimental relaxed policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

There has been some work done on a "relaxed" policy.  The intention of
this policy is to simply protect system daemons, and not user logins. 
Right now there is just a policy for apache (which doesn't really work
due to a kernel bug).  Everything else runs in an "unconfined_t" domain,
which essentially has every SELinux permission, and thus you are back to
relying on DAC.

But we'll be working on improving this policy.  Right now the binary
packages are called policy-relaxed and policy-relaxed-sources.  This is
likely to change.

If you want to experiment with this, please see:
http://people.redhat.com/~walters/selinux/

Again, much is likely to change, so you should basically only try this
now if you are willing to help hack on it :)

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux