Re: concept of a permissive domain

On Tue, 2007-09-11 at 16:31 -0400, Daniel J Walsh wrote: [...]
> One other feature/requirement would be to not override dontaudit rules.
> So if I have a domain in permissive mode and I have a dontaudit rule on
> reading /etc/shadow. The app should still be denied reading
> /etc/shadow. (This is not a show stopper, but would allow us to force
> apps to take the code paths they will take in enforcing mode.)

This isn't specific to per-domain permissive, right? It would be useful in general for permissive.

Karl -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

• This message: [ Message body ]
• Next message: Eric Paris: "Re: concept of a permissive domain"
• Previous message: Daniel J Walsh: "Re: concept of a permissive domain"
• In reply to: Daniel J Walsh: "Re: concept of a permissive domain"
• Next in thread: Eric Paris: "Re: concept of a permissive domain"
• Reply: Eric Paris: "Re: concept of a permissive domain"
• Reply: Stephen Smalley: "Re: concept of a permissive domain"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]