On Sun, Mar 23, 2008 at 7:34 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote: > On Monday 24 March 2008 02:54, "cinthya aranguren" > > <cinthya.aranguren@xxxxxxxxx> wrote: > > > Is there any way to avoid o remove DAC controls ? I'd like to have only one > > security scheme in my system. I mean a pure SElinux system. not DAC + MAC. > > only MAC. > > Back in about 2003 as an experiment I changed the ownership of all files on a > SE Linux strict system to root and changed the permission to 777. It didn't > work very well. One problem was that many programs rely on the Unix > permissions to identify the difference between a configuration file and a > shell script. In directories such as /etc there is not sufficiently > fine-grained SE Linux labelling to replace this use of Unix permissions. Ok, I understand. In a pure SELinux ditribution this would be fixed or patched. It does not seems to be a problem. I mean .. a security issue. > > It's possible that in the last 5 years things have changed significantly, but > my last experiments showed enough obstacles to make me not want to bother > going further with it. > don't lost your faith :-) > -- > russell@xxxxxxxxxxxx > http://etbe.coker.com.au/ My Blog > > http://www.coker.com.au/sponsorship.html Sponsoring Free Software development > Cinthya. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
