Bug 158180

Summary: Describe problem, fix, or request for release notes
Product: [Fedora] Fedora Documentation Reporter: Stephen Smalley <sds>
Component: release-notesAssignee: Release Notes Tracker <relnotes>
Status: CLOSED WONTFIX QA Contact: Tammy Fox <tammy.c.fox>
Severity: medium Docs Contact:
Priority: medium    
Version: develCC: dwalsh, kwade
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://fedoraproject.org/wiki/DocsProject/ReleaseNotes/Process
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-02-10 07:03:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 151189    

Description Stephen Smalley 2005-05-19 12:43:09 UTC
Description of problem, bug, incorrect information, or enhancement request:

Under Overview of This Release, for SELinux, you list daemons protected by the
targeted policy in FC4.  However, the list is somewhat misleading on two counts:

1) Several of these domains are given unconfined_domain() access in the targeted
policy and only exist as separate domains to help with proper domain transitions
into other domains or can otherwise transition to unconfined_t without real
restriction; hence, they are not truly 'protected' in any real sense by the
targeted policy (unlike strict).  grep 'typeattribute.*unrestricted'
/etc/selinux/targeted/src/policy/policy.conf to see at least a partial list of
domains that aren't really restricted.  Examples include crond, inetd, login,
rshd, udev, ?hotplug?.

2) Several of these domains are not for daemons at all.  Examples of non-daemons
include checkpolicy, chkpwd, ?compat?, consoletype, dmidecode, fsadm, hostname,
hotplug, hwclock, ifconfig, init, initrc, kudzu, ldconfig, load_policy, ?login?,
modutil, netutils, restorecon, rpm, setfiles.

Hence, I'd recommend a thorough review of the list and pruning out
domains/programs that are not truly protected by targeted policy as well as
those that are not daemons.

Version of release notes this bug refers to:

Fedora Core 4 final release

Comment 1 Release Notes Tracker 2007-02-10 07:03:38 UTC
This situation here has been overcome by events.  Closing as WONTFIX since we
are no longer maintaining anything about FC4.  Blocking master tracker so that
it is part of our statistics and doesn't entirely disappear from memory.