Expanding the list of "Hardened Packages"
pinto.elia at gmail.com
Fri May 17 05:43:12 UTC 2013
Perhaps is not working because most of the new policy are deployed in
enforcing mode and not in permissive ? But permissive not was born
exactly for this ?
2013/4/23, Kevin Kofler <kevin.kofler at chello.at>:
> Adam Williamson wrote:
>> SELinux keeps having bugs *because* they progressively build out the
>> policies. The coverage of the -targeted policy is now greater than it
>> was a few releases back. If they kept the coverage of the stock policies
>> the same over time there would be almost no new bugs, but instead, they
>> increase the coverage and hence the security it provides progressively
>> with each release. *Some* bugs are associated with files moving or
>> program functionality changing or whatever, but most are just the result
>> of the policies growing: the 'scaling' that you say isn't working.
> It isn't working because it's adding hundreds of new policy bugs in every
> new Fedora release. And coverage is still VERY far from 100% of Fedora.
> Kevin Kofler
> devel mailing list
> devel at lists.fedoraproject.org
Inviato dal mio dispositivo mobile
More information about the devel