[ubuntu-hardened] Re: selinux-policy-targeted (1:1.22-2) available

Colin Walters walters at verbum.org
Sat Mar 26 19:41:05 CST 2005

On Sun, 2005-03-27 at 01:54 +0100, Lorenzo Hernández García-Hierro

> I'm (very) glad to announce the availability of the first targeted
> policy package for Debian and more concretely Ubuntu Linux 

Very cool, I'm excited about this.

> The policy source itself has nothing to do Russell Coker's old
> selinux-policy-default, but the package is based on his one, this mean,s
> same configuration method.

I assume you mean this:

+        print "Do you want $file:" . substr($line, 6);
+        print "Yes/No/Display [Y/n/d]? ";

I suggest that you simply delete this code entirely, and install
every .te file.  It's outdated for several reasons:

1) With the new dynamic boolean support, SELinux enforcement for a
   particular daemon can be turned off at runtime, instead of
   at policy build time.
2) The targeted policy is significantly smaller than the strict, so
   there are no space/size concerns.  
3) It's always been annoying as hell :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20050326/166ef863/attachment.pgp

More information about the ubuntu-hardened mailing list