Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158180 - Describe problem, fix, or request for release notes
Summary: Describe problem, fix, or request for release notes
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: release-notes
Version: devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Release Notes Tracker
QA Contact: Tammy Fox
URL: http://fedoraproject.org/wiki/DocsPro...
Whiteboard:
Depends On:
Blocks: fc-relnotes-traqr
TreeView+ depends on / blocked
 
Reported: 2005-05-19 12:43 UTC by Stephen Smalley
Modified: 2007-04-18 17:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-10 07:03:38 UTC


Attachments (Terms of Use)

Description Stephen Smalley 2005-05-19 12:43:09 UTC
Description of problem, bug, incorrect information, or enhancement request:

Under Overview of This Release, for SELinux, you list daemons protected by the
targeted policy in FC4.  However, the list is somewhat misleading on two counts:

1) Several of these domains are given unconfined_domain() access in the targeted
policy and only exist as separate domains to help with proper domain transitions
into other domains or can otherwise transition to unconfined_t without real
restriction; hence, they are not truly 'protected' in any real sense by the
targeted policy (unlike strict).  grep 'typeattribute.*unrestricted'
/etc/selinux/targeted/src/policy/policy.conf to see at least a partial list of
domains that aren't really restricted.  Examples include crond, inetd, login,
rshd, udev, ?hotplug?.

2) Several of these domains are not for daemons at all.  Examples of non-daemons
include checkpolicy, chkpwd, ?compat?, consoletype, dmidecode, fsadm, hostname,
hotplug, hwclock, ifconfig, init, initrc, kudzu, ldconfig, load_policy, ?login?,
modutil, netutils, restorecon, rpm, setfiles.

Hence, I'd recommend a thorough review of the list and pruning out
domains/programs that are not truly protected by targeted policy as well as
those that are not daemons.

Version of release notes this bug refers to:

Fedora Core 4 final release

Comment 1 Release Notes Tracker 2007-02-10 07:03:38 UTC
This situation here has been overcome by events.  Closing as WONTFIX since we
are no longer maintaining anything about FC4.  Blocking master tracker so that
it is part of our statistics and doesn't entirely disappear from memory.


Note You need to log in before you can comment on or make changes to this bug.