Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: changes in ~2.6.13 break postfix policy?
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Tue, 15 Nov 2005 08:19:28 -0500
True. However, I can envision people who want to apply SELinux for local confinement of processes without necessarily caring about the network controls, and I can further envision them not wanting the performance overhead on the network path created by e.g. the sock_rcv_skb hook and the netfilter hooks. So that seems like a reasonable configuration option. The current CONFIG_SECURITY_NETWORK isn't very useful in that respect because it covers not only those networking checks but also the socket hooks, including the checking for Unix/local sockets. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 15 Nov 2005 - 08:19:49 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |