All of lore.kernel.org
 help / color / mirror / Atom feed
From: Antoine Martin <antoine@nagafix.co.uk>
To: Erich Schubert <erich@debian.org>
Cc: Daniel J Walsh <dwalsh@redhat.com>,
	SELinux@tycho.nsa.gov, Jason Vas Dias <jvdias@redhat.com>
Subject: Re: Bug (?) in cvs selinux policy
Date: Tue, 29 Nov 2005 23:29:46 +0000	[thread overview]
Message-ID: <1133306986.13162.45.camel@localhost.localdomain> (raw)
In-Reply-To: <1133305918.20990.5.camel@wintermute.xmldesign.de>

On Wed, 2005-11-30 at 00:11 +0100, Erich Schubert wrote:
> Hello,
> > I think this allows it to cp the locale file into the chroot environment.
> 
> For example with postfix, running stuff in a chroot is "deprecated" with
> SELinux, since the security implicatons of setting up the chroot are
> higher than not running a chroot but only SELinux. ;-)
I personally like to have the option of using both, for peace of mind.
I am not good enough to run my systems in full enforcing mode constantly
(there are still some maintenance tasks that I do which are much easier
to handle by switching to permissive mode) and so I like to have the
ability to cumulate the security measures.

Antoine

> Also, the setup should probably done by the init script, not by the
> daemon.
> 
> best regards,
> Erich Schubert


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  reply	other threads:[~2005-11-29 23:29 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-26  1:27 Bug (?) in cvs selinux policy Erich Schubert
2005-11-29 17:05 ` Daniel J Walsh
2005-11-29 17:54   ` Antoine Martin
2005-11-29 23:11   ` Erich Schubert
2005-11-29 23:29     ` Antoine Martin [this message]
2005-11-30  0:38       ` Erich Schubert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1133306986.13162.45.camel@localhost.localdomain \
    --to=antoine@nagafix.co.uk \
    --cc=SELinux@tycho.nsa.gov \
    --cc=dwalsh@redhat.com \
    --cc=erich@debian.org \
    --cc=jvdias@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.