On Fri, 2003-11-28 at 15:18, Michael Reilly wrote:
> I also notice that gentoo sets up the users slightly differently than NSA -
> gentoo has the username in the context for staff_r, for example. Any other
> things I should know about?

Ok, there is one other thing. I've been trying to clean up the
inconsistencies of type names. There are mainly two areas that are
messes, var types and etc types. Examples are blah_var_run_t vs.
var_run_blah_t, or blah_etc_t vs. etc_blah_t vs blah_conf_t.

The way I've been trying to standardize it, is that if there is a
specific type, then the daemon-specific type should be prefixed:

cupsd for example:
var_run_t -> cupsd_var_run_t, not var_run_cupsd_t.
etc_t -> cupsd_conf_t or cupsd_etc_t, not etc_cupsd_t. (I prefer the
conf one for config files)

The catch is that could make it slightly more irritating when taking
policy from the NSA policy. Also, with more and more policy going into
portage, it could become increasingly difficult to clean up. So if you
submit a policy with one of the odd named types, don't be surprised if
the policy in portage is fixed up.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
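
A small linter for the naming convention described in the message above, added here as an example; it is not code from the thread or from the Gentoo policy. The generic base types beyond var_run_t and etc_t, the allowlist entry and the sample declarations are assumptions constructed for illustration.

```python
import re

# Generic base types. var_run and etc come from the email; the other var_*
# entries are assumptions of this example.
GENERIC_BASES = ("var_run", "var_lib", "var_log", "var_spool", "var_lock", "etc")
# Generic types that are not daemon-specific and must not be renamed (assumed list).
ALLOW = {"etc_runtime_t"}

# Matches "type NAME, attr, ...;" or "type NAME;" but not type_transition rules.
TYPE_DECL = re.compile(r"^\s*type\s+([A-Za-z0-9_]+)\s*[,;]", re.M)

def suggest(type_name):
    """Return the daemon-prefixed name for an oddly named type, or None if it is fine."""
    if type_name in ALLOW or not type_name.endswith("_t"):
        return None
    stem = type_name[:-2]
    for base in GENERIC_BASES:
        if stem.startswith(base + "_"):
            daemon = stem[len(base) + 1:]
            # etc types become <daemon>_conf_t, the form the email prefers for config files
            suffix = "conf" if base == "etc" else base
            return f"{daemon}_{suffix}_t"
    return None

def lint(policy_text):
    """Map each misnamed declared type in a .te fragment to its suggested name."""
    renames = {}
    for name in TYPE_DECL.findall(policy_text):
        fixed = suggest(name)
        if fixed:
            renames[name] = fixed
    return renames

# Constructed sample .te fragment (not taken from any shipped policy).
SAMPLE = """
type cupsd_var_run_t, file_type, sysadmfile, pidfile;
type var_run_cupsd_t, file_type, sysadmfile, pidfile;
type etc_cupsd_t, file_type, sysadmfile;
type cupsd_conf_t, file_type, sysadmfile;
type var_run_t, file_type, sysadmfile;
type etc_t, file_type, sysadmfile;
type etc_runtime_t, file_type, sysadmfile;
"""

if __name__ == "__main__":
    for old, new in lint(SAMPLE).items():
        print(f"{old} -> {new}")
```

A rename found this way also has to be applied to the matching file_contexts entries and to every rule that references the old type, or files end up labelled with a type no rule covers.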