On Wed, 2006-03-29 at 10:19 -0700, Stephen J. Smoogen wrote: > I am trying to go over the questions in here one by one.. as I need to > work out what could be done for some systems where I work. I have one > question so far: > > Q: What about the strict policy? Does it even work? > [From the list at release time.. I thought strict policy was broken > for Core.] Yes, -strict in FC5 is broken at the moment, although there is ongoing work to resolve the issues needed to get it working. The breakage isn't really anything to do with -strict per se, just fully modularized policy (breaking down even the base policy into lots of individual modules). > Q: What is the Reference Policy? > > [I found I am really confused by this answer.. if my muddled brain > is getting this correct.. the Reference Policy is the base policy that > the Fedora Core 5 targeted, strict, mls policies are based off of the > Reference Policy.. or are there 2 sets of policies shipped with Fedora > Core 5 some of which are based off of the old set and the others by > the new set.] Reference policy is the new source policy tree from which all policy types (-strict, -targeted, -mls) are being built. Previously, they were being built from the NSA example policy source tree. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
