On Fri, 2004-04-30 at 10:39 -0400, Bill Rugolsky Jr. wrote:
I concur with that sentiment, and didn't mean to imply that a
relaxed
policy is not desirable. Not having to frantically rebuild a server
app the moment an exploit is discovered is reason enough to have SELinux
confining all network-facing servers. I only wanted to highlight that
expectations need to be reset as both the default policy has been loosened,
and the relaxed policy will loosen things further. I would hate for it
to reflect negatively on SELinux when someone exploits an FC2 default
SELinux install; the press will not make fine distinctions, and there
will be gloating from other corners. Toward that end, I think it is
important that users understand where along the "low-medium-high"
spectrum they have set their security.
Definitely -- my plan is to provide the spectrum of choices and also
have accompanying explanatory text so that users can make an informed
decision about what they want to use SELinux-wise on their system
Having SELinux on by default, even with a relatively permissive
policy,
will (1) ensure that the code is exercised, and (2) force developers,
packagers, etc., to think about the required logic, and address any
performance problems, so we can get to a more secure default install.
Yep, and hopefully then in the longer term, we can move to more and more
locked down setups as users become used to the concepts introduced by
SELinux and applications become aware of it.
Jeremy