On Fri, 2004-04-30 at 13:34, Stephen Smalley wrote:
So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.
I think that would be very worthwhile, and would probably speed uptake
of SELinux on Fedora.
I for one would happily switch that on asap and then gradually move to
something more secure when it was much more polished.
Cheers,
Martin.