| 1 |
On Fri, 2003-11-28 at 15:18, Michael Reilly wrote: |
| 2 |
> I also notice that gentoo sets up the user's slightly differently than NSA - |
| 3 |
> gentoo has the username in the context for staff_r, for example. Any other |
| 4 |
> things I should know about? |
| 5 |
|
| 6 |
Ok, there is one other thing. I've been trying to clean up the |
| 7 |
inconsistencies of type names. There's mainly two areas that are |
| 8 |
messes, var types and etc types. Examples are blah_var_run_t vs. |
| 9 |
var_run_blah_t, or blah_etc_t vs. etc_blah_t vs blah_conf_t. |
| 10 |
|
| 11 |
The way I've been trying to standardize it, is that if there is a |
| 12 |
specific type, then the daemon-specific type should be prefixed: |
| 13 |
|
| 14 |
cupsd for example: |
| 15 |
var_run_t -> cupsd_var_run_t, not var_run_cupsd_t. |
| 16 |
etc_t -> cupsd_conf_t or cupsd_etc_t, not etc_cupsd_t. (I prefer the |
| 17 |
conf one for config files) |
| 18 |
|
| 19 |
The catch is that could make it slightly more irritating when taking |
| 20 |
policy from the NSA policy. Also, with more and more policy going into |
| 21 |
portage, it could become increasingly difficult to clean up. So if you |
| 22 |
submit a policy with one of the odd named types, don't be surprised if |
| 23 |
the policy in portage is fixed up. |
| 24 |
|
| 25 |
-- |
| 26 |
Chris PeBenito |
| 27 |
<pebenito@g.o> |
| 28 |
Developer, |
| 29 |
Hardened Gentoo Linux |
| 30 |
Embedded Gentoo Linux |
| 31 |
|
| 32 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 33 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives