Hein Coulier wrote:
>Yes, if you want to have user roles and domains, you need strict
>targeted policy lacks the infrastructure for user roles and domains; it
>only knows about daemons.
>Ah, unfortunately RHEL4 didn't ship with a strict policy included.
>You can take it up with your Red Hat support person, or grab the
>selinux-policy-strict* packages from Fedora Core (in the latter case,
>you will likely want to also upgrade your other SELinux-related
>packages, e.g. libsepol, libsepol-devel, libselinux, libselinux-devel,
>checkpolicy, policycoreutils, setools, setools-gui).
That is a bummer ! I read that redhat (even in rhel5) is not supporting the
strict policy. Since we're running a lot of 3rd party products (oracle,
websphere, openview, controlm, ...) , i doubt that managment will be willing
to take the risk of running unsupported.
I'll have to address my supperiors, but i fear it might be over-and-out for
Neverrtheless, thanks for the support and your time !
We are moving targeted policy to cover all non-userspace processes in
the future, (RHEL5). I am not
sure what you mean unsported. If you have layered products providing
their own policy, that will be
supported. The thing that is not supported, except through
Professional Services, and picking an choosing
which policy you will be running and modifying the existing targeted
policy. If you modify existing policy so
that it breaks the machine, Red Hat Support is going to have a difficult
time diagnosing the problem. We
just want to avoid that.