Perhaps it is not working because most of the new policies are deployed in enforcing mode and not in permissive? But wasn't permissive born exactly for this?
Best
2013/4/23, Kevin Kofler <kevin.kofler@chello.at>:
Adam Williamson wrote:
SELinux keeps having bugs *because* they progressively build out the policies. The coverage of the -targeted policy is now greater than it was a few releases back. If they kept the coverage of the stock policies the same over time there would be almost no new bugs, but instead, they increase the coverage and hence the security it provides progressively with each release. *Some* bugs are associated with files moving or program functionality changing or whatever, but most are just the result of the policies growing: the 'scaling' that you say isn't working.
It isn't working because it's adding hundreds of new policy bugs in every new Fedora release. And coverage is still VERY far from 100% of Fedora.
Kevin Kofler
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel