On Fri, 2008-09-05 at 16:04 +1000, Murray McAllister wrote: > > I have moved this part to the "Unconfined Subjects" section. How about: > > Unconfined subjects run in the unconfined_t domain. For subjects running > in this domain, SELinux policy rules are applied, but policy rules exist > that allow subjects running in this domain almost all access. Subjects > running in this domain almost always fall back to using DAC rules > exclusively. When an unconfined subject is comprised, SELinux does not s/comprised/compromised/ > prevent the attacker from gaining access to system resources and data, > and only DAC rules are used. Otherwise, sounds fine. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
