On Thu, 16 Sep 2004 10:09, Tom London <selinux(a)gmail.com> wrote:
I can see this going towards three 'standard' policies:
targeted,
tight and strict
(where tight is strict with usercanread 'everywhere').
In general, I'm in favor of keeping strict as it is: well defined policies
for the mandatory access controls that override the discretionary ones.
If you want strict with usercanread everywhere, then you probably want
targetted with more daemons having policy.
The general plan is to add more daemons to the targetted policy, so I think
that long-term anyone who wants what you refer to as "tight" would be best
served by the targetted policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page