Hide Forgot
Description of problem, bug, incorrect information, or enhancement request: Under Overview of This Release, for SELinux, you list daemons protected by the targeted policy in FC4. However, the list is somewhat misleading on two counts: 1) Several of these domains are given unconfined_domain() access in the targeted policy and only exist as separate domains to help with proper domain transitions into other domains or can otherwise transition to unconfined_t without real restriction; hence, they are not truly 'protected' in any real sense by the targeted policy (unlike strict). grep 'typeattribute.*unrestricted' /etc/selinux/targeted/src/policy/policy.conf to see at least a partial list of domains that aren't really restricted. Examples include crond, inetd, login, rshd, udev, ?hotplug?. 2) Several of these domains are not for daemons at all. Examples of non-daemons include checkpolicy, chkpwd, ?compat?, consoletype, dmidecode, fsadm, hostname, hotplug, hwclock, ifconfig, init, initrc, kudzu, ldconfig, load_policy, ?login?, modutil, netutils, restorecon, rpm, setfiles. Hence, I'd recommend a thorough review of the list and pruning out domains/programs that are not truly protected by targeted policy as well as those that are not daemons. Version of release notes this bug refers to: Fedora Core 4 final release
This situation here has been overcome by events. Closing as WONTFIX since we are no longer maintaining anything about FC4. Blocking master tracker so that it is part of our statistics and doesn't entirely disappear from memory.