Bug 129584: restrictions on user_t
Russell Coker
russell at coker.com.au
Sun Sep 19 10:31:46 UTC 2004
On Thu, 16 Sep 2004 10:09, Tom London <selinux at gmail.com> wrote:
> I can see this going towards three 'standard' policies: targeted,
> tight and strict
> (where tight is strict with usercanread 'everywhere').
>
> In general, I'm in favor of keeping strict as it is: well defined policies
> for the mandatory access controls that override the discretionary ones.
If you want strict with usercanread everywhere, then you probably want
targetted with more daemons having policy.
The general plan is to add more daemons to the targetted policy, so I think
that long-term anyone who wants what you refer to as "tight" would be best
served by the targetted policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the selinux
mailing list