Description of problem, bug, incorrect information, or enhancement request:

Under Overview of This Release, for SELinux, you list daemons protected by the
targeted policy in FC4.  However, the list is somewhat misleading on two counts:

1) Several of these domains are given unconfined_domain() access in the targeted
policy and only exist as separate domains to help with proper domain transitions
into other domains or can otherwise transition to unconfined_t without real
restriction; hence, they are not truly 'protected' in any real sense by the
targeted policy (unlike strict).  grep 'typeattribute.*unrestricted'
/etc/selinux/targeted/src/policy/policy.conf to see at least a partial list of
domains that aren't really restricted.  Examples include crond, inetd, login,
rshd, udev, ?hotplug?.

2) Several of these domains are not for daemons at all.  Examples of non-daemons
include checkpolicy, chkpwd, ?compat?, consoletype, dmidecode, fsadm, hostname,
hotplug, hwclock, ifconfig, init, initrc, kudzu, ldconfig, load_policy, ?login?,
modutil, netutils, restorecon, rpm, setfiles.

Hence, I'd recommend a thorough review of the list and pruning out
domains/programs that are not truly protected by targeted policy as well as
those that are not daemons.

Version of release notes this bug refers to:

Fedora Core 4 final release