Perhaps is not working because most of the new policy are deployed in
enforcing mode and not in permissive ? But permissive not was born
exactly for this ?
2013/4/23, Kevin Kofler <kevin.kofler(a)chello.at>:
Adam Williamson wrote:
> SELinux keeps having bugs *because* they progressively build out the
> policies. The coverage of the -targeted policy is now greater than it
> was a few releases back. If they kept the coverage of the stock policies
> the same over time there would be almost no new bugs, but instead, they
> increase the coverage and hence the security it provides progressively
> with each release. *Some* bugs are associated with files moving or
> program functionality changing or whatever, but most are just the result
> of the policies growing: the 'scaling' that you say isn't working.
It isn't working because it's adding hundreds of new policy bugs in every
new Fedora release. And coverage is still VERY far from 100% of Fedora.
devel mailing list
Inviato dal mio dispositivo mobile