| 1 |
On Sun, Jan 16, 2011 at 11:06:47AM -0600, Chris Richards wrote: |
| 2 |
> On 01/16/2011 09:09 AM, Sven Vermeulen wrote: |
| 3 |
> > When writing security policies, it is important to first have a vision on |
| 4 |
> > how the security policies should be made. Of course, final vision should be |
| 5 |
> > with a systems' security administrator, but a distribution should give a |
| 6 |
> > first start for this. |
| 7 |
[... What to allow ...] |
| 8 |
> My general feeling is that the system should operate FROM THE USER |
| 9 |
> PERSPECTIVE the way it always does, i.e. the existence of SELinux should |
| 10 |
> be relatively transparent to the user and/or administrator, at least to |
| 11 |
> the extent that is practical. There may be some things that you simply |
| 12 |
> can't avoid changing, but they should generally be few and far between. |
| 13 |
[... What to hide ...] |
| 14 |
> My general feeling here is that, again where practical, we should avoid |
| 15 |
> cluttering the logs. Logs that are cluttered with noise don't get |
| 16 |
> properly evaluated for the truly exceptional conditions that the |
| 17 |
> administrator needs to be concerned about. Obviously, there are tools |
| 18 |
> that can help with this, but those tools should be used for the purpose |
| 19 |
> of helping the administrator organize the information, not prune the |
| 20 |
> logs of stuff to ignore. If there's stuff that is going to be routinely |
| 21 |
> ignored because it is essentially useless chatter, then it shouldn't be |
| 22 |
> there to start with. |
| 23 |
|
| 24 |
Well, I've taken the liberty of writing down a sort-of policy document in |
| 25 |
which we can include our development principles and methods. The idea is |
| 26 |
that both existing and new developers then know how to "include" their |
| 27 |
suggested changes and how to configure/design the added SELinux policy |
| 28 |
rules. |
| 29 |
|
| 30 |
The document: http://goo.gl/2U0Zr |
| 31 |
|
| 32 |
I've included a few of the items we discussed already, but also added |
| 33 |
two others ones (see the "No Role-Specific Domains" and "Only Reference |
| 34 |
Policy Suggested Roles" rules). |
| 35 |
|
| 36 |
It's a *discussion* document, I'm really open to (many) suggestions (and |
| 37 |
enhancements ;-) |
| 38 |
|
| 39 |
Wkr, |
| 40 |
Sven Vermeulen |
Archives