On Aug 22, 2005, at 10:32 PM, Theo de Raadt wrote:
i think having a flag you could set to disable the new
behavior would be a good idea. it may very well be that what i
suggest is not doable due to the low-level nature of the
functions in question. just a thought.
It might be a good idea, but it is just not possible. There are
too many pieces.
Not only is it a bad idea, it undermines the goals of the change.
This is a good example of why SELinux hasn't been readily accepted
(beyond being a suckass piece of bolt-on garbage); it's too easy to
just disable it, rather than a) fixing the underlying bad code, or b)
learning how to properly use the tool.
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
