On Mon, 22 Nov 2004 13:05:53 EST, Colin Walters said: > > It will be hard for users to guess "httpd_unified" means "allowing httpd fullaccess to all contents". > > My hope is that anyone who wants to do SELinux/Apache work on Fedora > will either > 1) Read the Fedora Apache/SELinux guide, where this is documented > 2) Understand enough about SELinux to understand what the union of a > permission set means. Idiot me - at first glance, I assumed that 'httpd_unified' was the policy file that allowed for differences in file locations across Fedora/debian/gentoo. ;) Yes, I know what the union of a permission set is (at least when I've had enough caffeine - but didn't see that "unified" referred to a union of permission sets.... Yuichi is correct - it's not an incredibly intuitive name. And remember that a *lot* of people will be installing SELinux under future Fedora Core and RHEL releases who are *NOT* SELinux experts - they will know "I'm running SELinux, and I have these services, so I need to install the policies they need" - and that's the limit of their in-depth understanding...
Attachment:
pgpchbIZhlRNy.pgp
Description: PGP signature
