On Thu, 28 Apr 2005 10:20:55 +0200, Davide Bolcioni wrote: > That's part of what I would be looking for. How would I find out about the > policies in effect ? You can review their sources. > The initial goal is compatibility: ship a possibly distribution-specific > package which works regardless of whether the customer uses no selinux, > the targeted policy or the strict policy. Making it policy-specific > would be ugly, as I would get a combinatorial explosion of .rpm packages > to ship. OK. What exactly broke your app? Targetted isn't supposed to interfere with most programs (except that sometimes that doesn't seem to be the case, I'm still researching this too!). So you should be able to ignore that. It may be that the shlib_textrel_t thing got you, so far that's the only part of targetted I know about which isn't actually backwards compatible. As for strict policy, well I don't know what the default there is. I guess the default is "deny everything" so every program needs policy to work but I don't know for sure. I don't think many people run strict right now though. Until binary policy is implemented though I am not sure you can ship policy in RPMs. It has to be in the central policy as a patch and you can then mark the files with the right contexts. You (hopefully) shouldn't need any custom policy though. thanks -mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list