On Mon, 03 May 2004 18:16:57 EDT, Thomas Molina <tmolina@xxxxxxxxxxxxxx> said:

> I am apparently not expressing myself well. My point is that if we are
> relaxing policy to the point where you are relying on DAC, what is the
> point? I want to test strict policy on those things where it most makes a
> difference. In that vein, sendmail and bind are two which have
> historically had a lot of problems. I would think those would be
> candidates for stricter policy, not more permissive.

I think the intent was "these 5 will be subject to strict policy, but we won't worry about *other* stuff, which will be more relaxed". So it isn't that sendmail and bind would be less relaxed, it would be things like 'hwclock' and 'ping' that would have the relaxed policy.

So instead of 460 .te files (like policy-sources-1.11.2-18 has), we'd trim it down to the "top 10" and then one catch-all policy.