On Thu, 16 Sep 2004 10:09, Tom London <selinux@xxxxxxxxx> wrote: > I can see this going towards three 'standard' policies: targeted, > tight and strict > (where tight is strict with usercanread 'everywhere'). > > In general, I'm in favor of keeping strict as it is: well defined policies > for the mandatory access controls that override the discretionary ones. If you want strict with usercanread everywhere, then you probably want targetted with more daemons having policy. The general plan is to add more daemons to the targetted policy, so I think that long-term anyone who wants what you refer to as "tight" would be best served by the targetted policy. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
