On (08/10/06 17:22), Uwe Hermann wrote: > Hi, > > On Sat, Oct 07, 2006 at 10:36:25PM +0100, James Westby wrote: > > If you have exim installed, you must either install postfix or write an > > exim policy, as none currently exists. > > > > Is this still the case? It seems that it would be odd to install it by > > default if the default MTA is not supported (I'm not trying to trigger > > that particular debate). > > Yes, I think that's still the case. However, it shouldn't be a real > problem. You just won't have any extra protection for exim (so it's as > secure or insecure as if no SELinux was there at all), but all the other > daemons and programs on your system will still profit from SELinux. >
Ok, this seems reasonable. Does it stop you from using enforcing mode? If so it seems odd to say "SELinux is installed on your system by default, in order to activate it just do ... but if you want it to actually stop some expliots, rather that just giving you information you have to do the above, and turn on enforcing mode, and remove exim and install postfix and set it up to your liking." Apologies for pushing that a bit far, but I wish to question the sense of installing it by default if this much has to be done to make use of it, when it sounds like it is very easy to install it. If I am wrong about this then great, and I support it being emphasised as a feature of etch, even if it is too late to have it installed by default. James -- James Westby -- GPG Key ID: B577FE13 -- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
