On Mon, Jan 22, 2007 at 01:14:53AM EST, Kevin Mark wrote:
> On Mon, Jan 22, 2007 at 12:53:04AM -0500, Roberto C. Sanchez wrote:
> > On Sun, Jan 21, 2007 at 11:36:15PM -0500, cga2000 wrote:
> > >
> > > What I had in mind was a flexible model where different actors of the
> > > system can be provided with the privileges required to perform their
> > > duties--no more .. no less.
> > >
> >
> > You want selinux.
> At the moment, Etch will include SELinux support but it will not be
> active. The two policies for it are strict and targeted. Targeted policy
> is more developed as it suits more common usage for protection from
> external attacks only for a webserver. At this point, if you want
> internal protection also, then you will have to develop a custom policy
> based upon the current strict policy.
> Cheers,
> Kev

Thanks to both. The docs on the NSA site are very enlightening.

The next step would require my installing etch with selinux enabled on a
test box and playing with it for an extended period of time to get a
better understanding of the issues involved .. and experience first-hand
the usability (or absence thereof?) of this environment. Hopefully I'll
find time to do that later this year.

Thanks much for your comments.

cga