On Mon, 28 Jan 2002 Valdis.Kletnieksat_private wrote:

> There seem to be 2,004 RPMs on the RedHat Rawhide. *Every Single One* was
> built on a non-LSM machine. How many will roll over and die if run on a
> system that has an LSM of some sort running that restricts what processes
> can/cannot do?
>
> And handwaving about "just put it in /etc/flask" is just that - handwaving.
> Even if you go through and create flask entries for all those RPMs that
> need them, you will *still* have to go back and add new entries when
> somebody releases Foo-Gronk 0.9.5.

Not to disagree with your basic point, but please note that many packages
do not require any particular privilege in order to function, and will run
fine on a more restrictive system like SELinux without any need for policy
customization. If you are installing a package that does require some kind
of privilege, then you will naturally need to customize your policy, whether
you simply associate the package with an existing security domain that is
suitable or whether you define an entirely new security domain for it.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 12:07:34 PST