init labeling question for targeted policy

Russell Coker russell at coker.com.au
Wed Dec 1 07:20:47 UTC 2004


On Sunday 28 November 2004 04:30, Colin Walters <walters at redhat.com> wrote:
> On Sat, 2004-11-27 at 05:03 -0800, Karsten Wade wrote:
> > init is started with the unconfined_t context?  Was this behavior that
> > changed between FC2 and FC3, or am I missing something fundamental here?
>
> I think the distinction is just targeted vs. strict policy; FC2 didn't
> have targeted.  So basically everything just starts out as unconfined,
> including the kernel, and then transitions happen for a few specific
> domains like httpd_t.  For strict policy, I think it's pretty much as
> Russell described it.  Does that answer your question?

Incidentally I wrote the article for FC2 and then quickly updated it for FC3.  
I probably should have added more material about targeted policy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



