Let me apologize if this is the wrong place to ask this question, but I figure that those well versed in SELinux can help me. I have been reading a ton about SELinux and Flask, and I haven't found anything that answered my question.
I am working on creating a security policy from scratch and followed the tutorial the IBM published (http://www-128.ibm.com/developerworks/linux/library/l-selinux.html
). After taking a look at the bare bones policy.conf file it generated, it got me thinking- I don't need to have something as granular as SELinux allows me to be. In fact it would simplify things if I could change the granularity. How would SELinux be affected if I were to remove some of the class definitions and took anything that referred to those classes out of my policy? Would SELinux just not enforce anything on those types of objects, would SELinux completely disallow all use of those objects or would it just break SELinux?
Thank you for your time and help,