Bug 158180 - Describe problem, fix, or request for release notes
Describe problem, fix, or request for release notes
Status: CLOSED WONTFIX
Product: Fedora Documentation
Classification: Fedora
Component: release-notes (Show other bugs)
devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Release Notes Tracker
Tammy Fox
http://fedoraproject.org/wiki/DocsPro...
:
Depends On:
Blocks: fc-relnotes-traqr
  Show dependency treegraph
 
Reported: 2005-05-19 08:43 EDT by Stephen Smalley
Modified: 2007-04-18 13:26 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-10 02:03:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Smalley 2005-05-19 08:43:09 EDT
Description of problem, bug, incorrect information, or enhancement request:

Under Overview of This Release, for SELinux, you list daemons protected by the
targeted policy in FC4.  However, the list is somewhat misleading on two counts:

1) Several of these domains are given unconfined_domain() access in the targeted
policy and only exist as separate domains to help with proper domain transitions
into other domains or can otherwise transition to unconfined_t without real
restriction; hence, they are not truly 'protected' in any real sense by the
targeted policy (unlike strict).  grep 'typeattribute.*unrestricted'
/etc/selinux/targeted/src/policy/policy.conf to see at least a partial list of
domains that aren't really restricted.  Examples include crond, inetd, login,
rshd, udev, ?hotplug?.

2) Several of these domains are not for daemons at all.  Examples of non-daemons
include checkpolicy, chkpwd, ?compat?, consoletype, dmidecode, fsadm, hostname,
hotplug, hwclock, ifconfig, init, initrc, kudzu, ldconfig, load_policy, ?login?,
modutil, netutils, restorecon, rpm, setfiles.

Hence, I'd recommend a thorough review of the list and pruning out
domains/programs that are not truly protected by targeted policy as well as
those that are not daemons.

Version of release notes this bug refers to:

Fedora Core 4 final release
Comment 1 Release Notes Tracker 2007-02-10 02:03:38 EST
This situation here has been overcome by events.  Closing as WONTFIX since we
are no longer maintaining anything about FC4.  Blocking master tracker so that
it is part of our statistics and doesn't entirely disappear from memory.

Note You need to log in before you can comment on or make changes to this bug.