On Sunday 28 November 2004 04:30, Colin Walters <walters@xxxxxxxxxx> wrote: > On Sat, 2004-11-27 at 05:03 -0800, Karsten Wade wrote: > > init is started with the unconfined_t context? Was this behavior that > > changed between FC2 and FC3, or am I missing something fundamental here? > > I think the distinction is just targeted vs. strict policy; FC2 didn't > have targeted. So basically everything just starts out as unconfined, > including the kernel, and then transitions happen for a few specific > domains like httpd_t. For strict policy, I think it's pretty much as > Russell described it. Does that answer your question? Incidentally I wrote the article for FC2 and then quickly updated it for FC3. I probably should have added more material about targeted policy. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
