| 1 |
Chris PeBenito wrote: |
| 2 |
|
| 3 |
>Here is some news on the SELinux front, current events and stuff that is |
| 4 |
>on the horizon. |
| 5 |
> |
| 6 |
>XFS users should not use >=2.6.14 as a SELinux update caused breakage |
| 7 |
>[1], stay tuned for updates on this. |
| 8 |
> |
| 9 |
> |
| 10 |
I take it that since there has been no new news here, the just-released |
| 11 |
hardened-sources-2.4.14-r2 doesn't fix this? |
| 12 |
|
| 13 |
>In the next couple months, there will be several changes in policy and |
| 14 |
>policy management. First, we will be moving to Reference Policy [2]. |
| 15 |
>The NSA example policy has been superseded by this policy. It is not |
| 16 |
>quite ready yet for a strict policy (the current Gentoo policy is a |
| 17 |
>strict policy), but it will be soon. The effect of this is will be |
| 18 |
>noticeable to the users, as it can create a targeted and strict policy |
| 19 |
>from the same source tree, with no modifications; thus, we will begin |
| 20 |
>supporting the targeted policy, primarily for desktops. It also has |
| 21 |
>several new features; notably, it supports loadable policy modules, |
| 22 |
>which I'll discuss later. |
| 23 |
> |
| 24 |
> |
| 25 |
I have a fair amount of software (leafnode, dovecot, smartd) for which |
| 26 |
there is no policy, currently. At the moment it seems that "no policy, |
| 27 |
no work-ee." I'm under the impression that in the new stuff, it can be |
| 28 |
made more permissive about having no-policy stuff work. Is that true? Or |
| 29 |
even if I'm about to start to have to learn to write policies, I may as |
| 30 |
well wait and do it under the new base, I guess. |
| 31 |
|
| 32 |
>[1] http://marc.theaimsgroup.com/?l=selinux&m=112653995009765&w=2 |
| 33 |
>[2] http://serefpolicy.sourceforge.net |
| 34 |
>[3] http://sepolicy-server.sourceforge.net/index.php?page=modules |
| 35 |
> |
| 36 |
> |
| 37 |
Looks like some reading... |
| 38 |
|
| 39 |
Dale Pontius |
| 40 |
-- |
| 41 |
gentoo-hardened@g.o mailing list |
Archives