| 1 |
Petre Rodan wrote: |
| 2 |
> hi Chris, |
| 3 |
> |
| 4 |
> [..] |
| 5 |
>> Courier, dante, jabber and snort are done. |
| 6 |
> |
| 7 |
> great news. |
| 8 |
> |
| 9 |
>> I believe a debian guy is doing a openvpn policy. I'll see if I |
| 10 |
>> can get the remaining policies converted over this weekend. |
| 11 |
> |
| 12 |
> I talked with Erich Schubert and he said that the openvpn policy is low priority for him, so I will do that one. It is almost done actually. |
| 13 |
> |
| 14 |
|
| 15 |
I hope I'm not seeming impatient by asking these questions, but in |
| 16 |
preparing to post to this list, I noticed this thread and this is very |
| 17 |
much like what I would have posted so I'll follow up instead. |
| 18 |
|
| 19 |
Also, there's one issue that I'm not quite understanding in this thread, |
| 20 |
though, and I've asked the question in a number of different phrasings |
| 21 |
(marked with [] ) because I'm having difficulty figuring out how to |
| 22 |
express the question succinctly. |
| 23 |
|
| 24 |
Three weeks have now passed since the last post to this thread, so |
| 25 |
please pardon me if I politely ask: |
| 26 |
|
| 27 |
Where do the issues raised by this thread stand now? |
| 28 |
|
| 29 |
pebenito writes that, "Courier, dante, jabber and snort are done," so |
| 30 |
that leaves: |
| 31 |
|
| 32 |
-The Gentoo SELinux reference policy itself [In the context of Gentoo, |
| 33 |
exactly what is this? A Gentoo package? A collection of packages? A |
| 34 |
collection of files that each package owns? other?] |
| 35 |
|
| 36 |
-Petre Rodan wrote: "use what we have now in the stable branch please" |
| 37 |
[So is that a package in portage then?] Sorry if I'm being dense here. |
| 38 |
|
| 39 |
-How far along is the work to migrate to the reference policy? |
| 40 |
|
| 41 |
-pebenito mentions, "I had planned on a test release of refpolicy for |
| 42 |
Gentoo right now,"... [Is that (refpolicy) a gentoo package?] I don't |
| 43 |
see anything like it in portage, but perhaps that's because it's just |
| 44 |
not in there yet. |
| 45 |
|
| 46 |
-other policies not already addressed in the thread: |
| 47 |
asterisk |
| 48 |
clockspeed |
| 49 |
ntop |
| 50 |
openvpn |
| 51 |
qmail |
| 52 |
|
| 53 |
And finally, [how do I make use of these policies if they are all done?] |
| 54 |
|
| 55 |
Pardon me for the newbie-ness of this additional question, but: [when |
| 56 |
pebenito says, "Courier, dante, jabber and snort are done," what exactly |
| 57 |
does that mean? Is there a gentoo package containing a policy for |
| 58 |
courier-imap or jabber-server or dante or snort? Or is the policy for |
| 59 |
(say) jabber-server just a file (or a set of files) that is incorporated |
| 60 |
into the jabber-server package when the selinux USE flag is set? (or |
| 61 |
other?).] |
| 62 |
|
| 63 |
Being a newbie to SELinux, I think I'm missing something about how |
| 64 |
SELinux policies are incorporated into Gentoo. |
| 65 |
|
| 66 |
I read the bug report mentioned in this thread and the |
| 67 |
http://serefpolicy.sourceforge.net/ pointer referenced therein, but not |
| 68 |
knowing exactly how these policies are incorporated into Gentoo I feel |
| 69 |
like I'm missing a piece of the puzzle. |
| 70 |
|
| 71 |
Thanks. |
| 72 |
|
| 73 |
-Kevin |
| 74 |
|
| 75 |
PS. If any of these are faqs, I welcome a redirection to the appropriate |
| 76 |
source of answers. |
| 77 |
-- |
| 78 |
gentoo-hardened@g.o mailing list |
Archives