Hein Coulier wrote:
We are moving targeted policy to cover all non-userspace processes in the future, (RHEL5). I am notYes, if you want to have user roles and domains, you need strict policy. targeted policy lacks the infrastructure for user roles and domains; it only knows about daemons.
Ah, unfortunately RHEL4 didn't ship with a strict policy included. You can take it up with your Red Hat support person, or grab the selinux-policy-strict* packages from Fedora Core (in the latter case, you will likely want to also upgrade your other SELinux-related packages, e.g. libsepol, libsepol-devel, libselinux, libselinux-devel, checkpolicy, policycoreutils, setools, setools-gui).
That is a bummer ! I read that redhat (even in rhel5) is not supporting the strict policy. Since we're running a lot of 3rd party products (oracle, websphere, openview, controlm, ...) , i doubt that managment will be willing to take the risk of running unsupported.
I'll have to address my supperiors, but i fear it might be over-and-out for selinux.
Neverrtheless, thanks for the support and your time !
sure what you mean unsported. If you have layered products providing their own policy, that will be
supported. The thing that is not supported, except through Professional Services, and picking an choosing
which policy you will be running and modifying the existing targeted policy. If you modify existing policy so
that it breaks the machine, Red Hat Support is going to have a difficult time diagnosing the problem. We
just want to avoid that.
--
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
