Somebody in the thread at some point said: > On 10/17/07, Andy Green <andy@xxxxxxxxxxx> wrote: >> Somebody in the thread at some point said: >> >>>>> Regardless, you should have a way to check and fix it, unless what you >>>>> are running is unimportant and you can abandon it. >>>> Maybe a mode that blocks the process until you yea or nay it could be >>>> interesting. >>> >>> So basically Windows vista for Linux? Cancel or Allow? >> LOL doesn't sound so good like that. >> >> Maybe instead there's a way to make a local rule to allow a particular >> process, Les' critical process, and its children to basically run in >> permissive, while everything else stays enforced. > > > Well, in targetted mode SELinux only checks... targetted applications. > So it won't play with your critical process unless there's been a rule > made for it, I do believe that specific rules can be disabled however. You're right again, but Les' proposed critical application might spawn targetted applications just to spite us all and thereby fail anyway. -Andy
