On Sun, 2 May 2004, Colin Walters wrote: > Hi, > > There has been some work done on a "relaxed" policy. The intention of > this policy is to simply protect system daemons, and not user logins. > Right now there is just a policy for apache (which doesn't really work > due to a kernel bug). Everything else runs in an "unconfined_t" domain, > which essentially has every SELinux permission, and thus you are back to > relying on DAC. This sounds like a regression to me. Is this going to be instead of further development of the strict policy, or in addition to it?
