On Tue, 11 Mar 2008, Justin Mattock wrote: > Hi; > Thanks for the reply, With handle_unkown=deny should this provide enough > security, until the upstream release comes out? Yes, although the default is 'allow', so that your system doesn't break due to lack of policy for the new permissions. For production systems, I suggest ensuring that you have both the kernel and policy updated to match each other. - James -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
