I based my concern on
http://www.redhat.com/magazine/006apr05/features/selinux/
and on the fact that targeted was still the default in Red Hat 5.
Don't get me wrong: I understand why Red Hat shouldn't be eager to support
strict policies. I also don't expect the problems to be generated by
Red Hat, but by my 3rd party products: what if WebSphere (and our internet
shop) stops running, or all our Oracle databases in our 250 retail shops?
Even with support, damage in $ would be too big.
I hope that in a few years, Linux will become like a mainframe with default
security, and that it will be evident to all vendors that it's their
duty to provide the necessary rules to protect and keep their systems and
data available.
Best solution for me would be that RBAC on userbase could be made available
in targeted policy.
I think you're all doing a great job, and I still believe SELinux is the
future. Keep up the good work.
hein
>
>
We are moving targeted policy to cover all non-userspace processes in
the future (RHEL5). I am not sure what you mean by unsupported. If you have
layered products providing their own policy, that will be supported. The
thing that is not supported, except through Professional Services, is
picking and choosing which policy you will be running and modifying the
existing targeted policy. If you modify existing policy so that it breaks
the machine, Red Hat Support is going to have a difficult time diagnosing
the problem. We just want to avoid that.
--