I based my concern on http://www.redhat.com/magazine/006apr05/features/selinux/ and on the fact that targeted was still the default in redhat 5. Don't get me wrong : i understand why redhat shouldn't be eager to support strict policies. I also don't expect the problems to be generated by redhat, but by my 3rd party products : what if websphere (and our internet shop) stops running, or all our oracle databases in our 250 retail shops ? Even with support, damage in $ would be to big. I hope that in a few years, linux will become like a mainframe with default security, and that it will be an evidence for all vendors that it's their duty to provide the neccessary rules to protect and keep their systems and data available. Best solution for me would be that rbac on userbase could be made available in targeted policy. I think you're all doing a great job, and i still believe selinux is the future. Keep up the good work. hein > > > > > We are moving targeted policy to cover all non-userspace processes in > the future, (RHEL5). I am not > sure what you mean unsported. If you have layered products providing > their own policy, that will be > supported. The thing that is not supported, except through > Professional Services, and picking an choosing > which policy you will be running and modifying the existing targeted > policy. If you modify existing policy so > that it breaks the machine, Red Hat Support is going to have a difficult > time diagnosing the problem. We > just want to avoid that. > > > > -- > > > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list