[ubuntu-hardened] Re: selinux-policy-targeted (1:1.22-2) available
walters at verbum.org
Sat Mar 26 19:41:05 CST 2005
On Sun, 2005-03-27 at 01:54 +0100, Lorenzo Hernández García-Hierro
> I'm (very) glad to announce the availability of the first targeted
> policy package for Debian and more concretely Ubuntu Linux
Very cool, I'm excited about this.
> The policy source itself has nothing to do Russell Coker's old
> selinux-policy-default, but the package is based on his one, this mean,s
> same configuration method.
I assume you mean this:
+ print "Do you want $file:" . substr($line, 6);
+ print "Yes/No/Display [Y/n/d]? ";
I suggest that you simply delete this code entirely, and install
every .te file. It's outdated for several reasons:
1) With the new dynamic boolean support, SELinux enforcement for a
particular daemon can be turned off at runtime, instead of
at policy build time.
2) The targeted policy is significantly smaller than the strict, so
there are no space/size concerns.
3) It's always been annoying as hell :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20050326/166ef863/attachment.pgp
More information about the ubuntu-hardened