Re: Bug 129584: restrictions on user

On Thu, 16 Sep 2004 10:09, Tom London <selinux@xxxxxxxxx> wrote:
> I can see this going towards three 'standard' policies: targeted,
> tight and strict
> (where tight is strict with usercanread 'everywhere').
>
> In general, I'm in favor of keeping strict as it is: well defined policies
> for the mandatory access controls that override the discretionary ones.

If you want strict with usercanread everywhere, then you probably want 
targetted with more daemons having policy.

The general plan is to add more daemons to the targetted policy, so I think 
that long-term anyone who wants what you refer to as "tight" would be best 
served by the targetted policy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Variable naming confusion, Bob Gustafson
Next by Date:	AVCs with ntpd, Felipe Alfaro Solana
Previous by Thread:	Re: Bug 129584: restrictions on user_t, Tom London
Next by Thread:	mailman..., Tom London
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Variable naming confusion, Bob Gustafson

Next by Date:

AVCs with ntpd, Felipe Alfaro Solana

Previous by Thread:

Re: Bug 129584: restrictions on user_t, Tom London

Next by Thread:

mailman..., Tom London

Indexes:

[Date] [Thread] [Top] [All Lists]

Re: Bug 129584: restrictions on user_t: msg#00106