SELinux should be off by default in FC3
Stephen Smalley
sds at epoch.ncsc.mil
Thu Oct 7 17:15:12 UTC 2004
On Thu, 2004-10-07 at 13:11, Arjan van de Ven wrote:
> while that is true it sure should be possible to have a policy that can
> be used by default and doesn't change existing "this works" practice.
> Even if that policy allows a bit more than you would want.
Hmmm...well, what I heard one person say was "apache can read everything
the customer can write" (and possibly worse, it may have been "apache
can read or write or execute anything the customer can write"). You can
certainly adjust the apache policy to fit that model, but I doubt you
want it as the default.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the devel
mailing list