On Fri, 2005-09-09 at 12:53 -0400, Stephen Smalley wrote: > On Fri, 2005-09-09 at 09:33 -0700, Todd Merritt wrote: > > I can't find where I read this now, could somebody please tell me what I > > need to add/remove from the strict policy to disallow running of the > > setenforce command (but still allow changing enforcement mode via > > rebooting) ? > > BTW, if you are going to do that, I assume you also want to remove the > ability to reload policy after the initial load? Although that has > implications for policy updates... > I hadn't thought of that. There's no point closing the window and leaving the door open, but that may be more hoops that I care to jump through for this application. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
