On Thu, 2009-07-30 at 12:04 +0800, Cliffe wrote: > So I am not sure why opera seams to be unconfined, or if removing the > permissive line was on the right track. Any advice? permissive domains can be used to troubleshoot/develop policy, without exposing the whole system. eventually, after you've completed the development of your policy , and before you deploy your policy you should remove the permissive domain. But in development stages a permissive domain makes it easier to debug your policy since everything is allowed but would be denials are logged. > Thank you, > > Cliffe. > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
