Hi,

I might have some policies for you. I fixed the NSA policies to work on a
slackware distro I had lying around. Having finished that I am moving them
to my gentoo system.

Do you have any guidelines for things like supported roles (I have user_r,
staff_r, sysadm_r and am integrating portage from the gentoo policy)?

I also notice that gentoo sets up the users slightly differently than NSA -
gentoo has the username in the context for staff_r, for example. Any other
things I should know about?

I may also be interested in being a policy dev. Any special requirements?

Thanks,

michael

On Fri, 28 Nov 2003 13:12:56 -0600
Chris PeBenito <pebenito@g.o> wrote:

> This reminds me to make another call for policy devs. I'm looking for
> people to help out with maintaining daemon policies (common ones).
> Basically the person(s) would be taking the NSA example policies, fixing
> up the file contexts, and making adjustments for Gentoo, and testing.
> They'd also be a backup for me.
>
> With that being said, I'm also making a call out for people who have
> written or modified policy to get their daemons working. I'm asking
> that you submit your policy on bugzilla (assign bugs to
> pebenito@g.o). I'd prefer the files as separate attachments to
> the bug, not a tarball.
>
> There are a few requirements:
> 1. please make comments (in the policy and/or bug), so I can understand
> where/why you've made changes.
> 2. the policy should cover common installations. Please don't submit
> policy for odd or nonstandard daemon configurations.
> 3. I need to know if the policy is dependent on another policy (for
> example rpcd is dependent on portmap) other than base-policy.
> 4. it should be a common daemon (others will be accepted when the common
> stuff is in portage).
>
> I'll also put this information on the project page.
>
> On Thu, 2003-11-27 at 03:06, Tad wrote:
> > I've got qmail working on my SElinux system. It's not complete, but
> > it's enough to run qmail-send (and helpers) and qmail-smtpd.
> > However, qmail-pop3d, qmail-qmqpd and qmail-qmtpd are not supported.
> --
> Chris PeBenito
> <pebenito@g.o>
> Developer,
> Hardened Gentoo Linux
> Embedded Gentoo Linux
>
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
>

--
---- ---- ----
Michael Reilly michaelr@×××××.com
Cisco Systems, Santa Cruz, CA

--
gentoo-hardened@g.o mailing list