On Fri, 2004-04-30 at 08:34 -0400, Stephen Smalley wrote:
So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.
I think (consistent with my view a few months ago :-) that this is a
very good idea. At the same time, it's something that's clearly not
realistic to target for FC2 since the last test release just went out
and so it'd be going out with very little testing.
Jeremy