On Monday 24 March 2008 02:54, "cinthya aranguren" <cinthya.aranguren@xxxxxxxxx> wrote: > Is there any way to avoid o remove DAC controls ? I'd like to have only one > security scheme in my system. I mean a pure SElinux system. not DAC + MAC. > only MAC. Back in about 2003 as an experiment I changed the ownership of all files on a SE Linux strict system to root and changed the permission to 777. It didn't work very well. One problem was that many programs rely on the Unix permissions to identify the difference between a configuration file and a shell script. In directories such as /etc there is not sufficiently fine-grained SE Linux labelling to replace this use of Unix permissions. It's possible that in the last 5 years things have changed significantly, but my last experiments showed enough obstacles to make me not want to bother going further with it. -- russell@xxxxxxxxxxxx http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
