We have been talking about ways of improving the security of strict 
policy.  So I have been working
to eliminate tunables and replace them with booleans.   So an 
administrator can easily turn them off.
(allow_ypbind and use_nfs_home_dirs defaulting to off as an example).

Also I have been working to eliminate the ncsd_ tunables by adding 
ncsd_client_domain to all daemons that need it.

Finally we are looking into limiting the power of can_network.  
Currently any daemon that has can_network can receive
and establish TCP/UDP connections.  The only thing not provided is 
name_bind.  I want to break this out to eliminate the
ability for daemons also to connect.  So an incoming only daemon, can 
not establish a connection back out.  To do this
I have modified create_socket_perms and eliminated the connect call.  I 
have added a connect_socket_perms which includes
the create_socket_perms.  This has caused many changes to be made in 
policy, and I am not sure if it was a good idea?

Also I modified can_network to take a second parameter of the type of 
the connection (udp or tcp).  This allows you to turn off tcp, connections
on a UDP application.  (I am not sure you can do this for a tcp only app 
if they are going to use name service.)

Is this a good idea or am I wasting my time?

Dan