Hi, There has been some work done on a "relaxed" policy. The intention of this policy is to simply protect system daemons, and not user logins. Right now there is just a policy for apache (which doesn't really work due to a kernel bug). Everything else runs in an "unconfined_t" domain, which essentially has every SELinux permission, and thus you are back to relying on DAC. But we'll be working on improving this policy. Right now the binary packages are called policy-relaxed and policy-relaxed-sources. This is likely to change. If you want to experiment with this, please see: http://people.redhat.com/~walters/selinux/ Again, much is likely to change, so you should basically only try this now if you are willing to help hack on it :)
Attachment:
signature.asc
Description: This is a digitally signed message part
