Hi,
> Okay!! I just tried leafnode on a Fedora 8 Box and it works over there with
> SELinux enabled. But I don't follow Fedora, So I can't confirm if they modify
> the policy or just use what is shipped upstream.
Did you try strict or targeted mode?
I figure Fedora by default uses targeted mode, so it might just be
running leafnode in the unprotected targeted domain (unconfined_t)
Last I heard, Fedora was using SELinux only to protect certain
well-known services such as Bind, DHCP and such.
(Which is good enough for most users, that's why targeted is the better
default.)
You can check that by checking the output of "ps auxZ | grep
leadnode" (or whatever the leafnode binary is called) while accessing
leafnode.
Also have a look at the output of "ls -Z" on the leafnode binaries,
maybe Fedora is just applying the INN policy to leafnode.
(The current upstream INN policy doesn't reference leafnode)
best regards,
Erich Schubert
--
erich@(vitavonni.de|debian.org) -- GPG Key ID: 4B3A135C (o_
Which is worse: ignorance or apathy? Who knows? Who cares? //\
Unter Freunden ist guter Rat nicht teuer, aber wie alles, was V_/_
nichts kostet, nur wenig gefragt. --- Robert Muthmann
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
