Re: How best (BUT WHY) get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 27, 2007 at 00:12:12 -0400,
  Ric Moore <wayward4now@xxxxxxxxx> wrote:
> 
> NOW you've got my attention. I actually need something just like that.
> As a matter of fact, if you could REALLY lock down the front porch,
> restricting service to just your subnets, and a local DNS server, you
> wouldn't need the guards inside to be set strict? As much? Tell me about
> this... inquiring minds want to know. What's the real deal? Ric

I have just seen discussions for patches dealing with this on the selinux list.
I don't know what exactly the final plan is supposed to be. I believe you are
supposed to be able to attach context to packets based on host and port
information. This allows you to at least label packets based on address and
port information reliably (as much as you can trust the ipsec signatures). I
don't know if the sender of a packet will be able to attach context to packets
that the recipient can use.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux