1 |
Petre Rodan wrote: |
2 |
> hi Chris, |
3 |
> |
4 |
> [..] |
5 |
>> Courier, dante, jabber and snort are done. |
6 |
> |
7 |
> great news. |
8 |
> |
9 |
>> I believe a debian guy is doing a openvpn policy. I'll see if I |
10 |
>> can get the remaining policies converted over this weekend. |
11 |
> |
12 |
> I talked with Erich Schubert and he said that the openvpn policy is low priority for him, so I will do that one. It is almost done actually. |
13 |
> |
14 |
|
15 |
I hope I'm not seeming impatient by asking these questions, but in |
16 |
preparing to post to this list, I noticed this thread and this is very |
17 |
much like what I would have posted so I'll follow up instead. |
18 |
|
19 |
Also, there's one issue that I'm not quite understanding in this thread, |
20 |
though, and I've asked the question in a number of different phrasings |
21 |
(marked with [] ) because I'm having difficulty figuring out how to |
22 |
express the question succinctly. |
23 |
|
24 |
Three weeks have now passed since the last post to this thread, so |
25 |
please pardon me if I politely ask: |
26 |
|
27 |
Where do the issues raised by this thread stand now? |
28 |
|
29 |
pebenito writes that, "Courier, dante, jabber and snort are done," so |
30 |
that leaves: |
31 |
|
32 |
-The Gentoo SELinux reference policy itself [In the context of Gentoo, |
33 |
exactly what is this? A Gentoo package? A collection of packages? A |
34 |
collection of files that each package owns? other?] |
35 |
|
36 |
-Petre Rodan wrote: "use what we have now in the stable branch please" |
37 |
[So is that a package in portage then?] Sorry if I'm being dense here. |
38 |
|
39 |
-How far along is the work to migrate to the reference policy? |
40 |
|
41 |
-pebenito mentions, "I had planned on a test release of refpolicy for |
42 |
Gentoo right now,"... [Is that (refpolicy) a gentoo package?] I don't |
43 |
see anything like it in portage, but perhaps that's because it's just |
44 |
not in there yet. |
45 |
|
46 |
-other policies not already addressed in the thread: |
47 |
asterisk |
48 |
clockspeed |
49 |
ntop |
50 |
openvpn |
51 |
qmail |
52 |
|
53 |
And finally, [how do I make use of these policies if they are all done?] |
54 |
|
55 |
Pardon me for the newbie-ness of this additional question, but: [when |
56 |
pebenito says, "Courier, dante, jabber and snort are done," what exactly |
57 |
does that mean? Is there a gentoo package containing a policy for |
58 |
courier-imap or jabber-server or dante or snort? Or is the policy for |
59 |
(say) jabber-server just a file (or a set of files) that is incorporated |
60 |
into the jabber-server package when the selinux USE flag is set? (or |
61 |
other?).] |
62 |
|
63 |
Being a newbie to SELinux, I think I'm missing something about how |
64 |
SELinux policies are incorporated into Gentoo. |
65 |
|
66 |
I read the bug report mentioned in this thread and the |
67 |
http://serefpolicy.sourceforge.net/ pointer referenced therein, but not |
68 |
knowing exactly how these policies are incorporated into Gentoo I feel |
69 |
like I'm missing a piece of the puzzle. |
70 |
|
71 |
Thanks. |
72 |
|
73 |
-Kevin |
74 |
|
75 |
PS. If any of these are faqs, I welcome a redirection to the appropriate |
76 |
source of answers. |
77 |
-- |
78 |
gentoo-hardened@g.o mailing list |