| 1 |
Hi, |
| 2 |
|
| 3 |
I might have some policies for you. I fixed the NSA policies to work on a |
| 4 |
slackware distro I had lying around. Having finished that I am moving them |
| 5 |
to my gentoo system. |
| 6 |
|
| 7 |
Do you have any guidelines for things like supported roles (I have user_r, |
| 8 |
staff_r, sysadm_r and am integrating portage from the gentoo policy)? |
| 9 |
|
| 10 |
I also notice that gentoo sets up the user's slightly differently than NSA - |
| 11 |
gentoo has the username in the context for staff_r, for example. Any other |
| 12 |
things I should know about? |
| 13 |
|
| 14 |
I may also be interested in being a policy dev. Any special requirements? |
| 15 |
|
| 16 |
Thanks, |
| 17 |
|
| 18 |
michael |
| 19 |
On Fri, 28 Nov 2003 13:12:56 -0600 |
| 20 |
Chris PeBenito <pebenito@g.o> wrote: |
| 21 |
|
| 22 |
> This reminds me to make another call for policy devs. I'm looking for |
| 23 |
> people to help out with maintaining daemon policies (common ones). |
| 24 |
> Basically the person(s) would be taking the NSA example policies, fixing |
| 25 |
> up the file contexts, and make adjustments for Gentoo, and testing. |
| 26 |
> They'd also be a backup for me. |
| 27 |
> |
| 28 |
> With that being said, I'm also making a call out for people who have |
| 29 |
> written or modified policy to get their daemons working. I'm asking |
| 30 |
> that you submit your policy on bugzilla (assign bugs to |
| 31 |
> pebenito@g.o). I'd prefer the files as separate attachments to |
| 32 |
> the bug, not a tarball. |
| 33 |
> |
| 34 |
> There are a few requirements: |
| 35 |
> 1. please make comments (in the policy and/or bug), so I can understand |
| 36 |
> where/why you've made changes. |
| 37 |
> 2. the policy should cover common installations. Please don't submit |
| 38 |
> policy for odd or nonstandard daemon configurations. |
| 39 |
> 3. I need to know if the policy is dependent on another policy (for |
| 40 |
> example rpcd is dependent on portmap) other than base-policy. |
| 41 |
> 4. it should be a common daemon (others will be accepted when the common |
| 42 |
> stuff is in portage). |
| 43 |
> |
| 44 |
> I'll also put this information on the project page. |
| 45 |
> |
| 46 |
> On Thu, 2003-11-27 at 03:06, Tad wrote: |
| 47 |
> > Iÿve got qmail working on my SElinux system. Itÿs not complete, but |
| 48 |
> > itÿs enough to run qmail-send (and helpers) and qmail-smtpd. |
| 49 |
> > However, qmail-pop3d, qmail-qmqpd and qmail-qmtpd are not supported. |
| 50 |
> -- |
| 51 |
> Chris PeBenito |
| 52 |
> <pebenito@g.o> |
| 53 |
> Developer, |
| 54 |
> Hardened Gentoo Linux |
| 55 |
> Embedded Gentoo Linux |
| 56 |
> |
| 57 |
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 58 |
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
| 59 |
> |
| 60 |
|
| 61 |
|
| 62 |
-- |
| 63 |
---- ---- ---- |
| 64 |
Michael Reilly michaelr@×××××.com |
| 65 |
Cisco Systems, Santa Cruz, CA |
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-hardened@g.o mailing list |
Archives