Chris PeBenito wrote:

>Here is some news on the SELinux front, current events and stuff that is
>on the horizon.
>
>XFS users should not use >=2.6.14 as a SELinux update caused breakage
>[1], stay tuned for updates on this.
>
>
I take it that since there has been no new news here, the just-released
hardened-sources-2.4.14-r2 doesn't fix this?

>In the next couple months, there will be several changes in policy and
>policy management. First, we will be moving to Reference Policy [2].
>The NSA example policy has been superseded by this policy. It is not
>quite ready yet for a strict policy (the current Gentoo policy is a
>strict policy), but it will be soon. The effect of this will be
>noticeable to the users, as it can create a targeted and strict policy
>from the same source tree, with no modifications; thus, we will begin
>supporting the targeted policy, primarily for desktops. It also has
>several new features; notably, it supports loadable policy modules,
>which I'll discuss later.
>
>
I have a fair amount of software (leafnode, dovecot, smartd) for which
there is no policy, currently. At the moment it seems that "no policy,
no work-ee." I'm under the impression that in the new stuff, it can be
made more permissive about having no-policy stuff work. Is that true? Or
even if I'm about to start to have to learn to write policies, I may as
well wait and do it under the new base, I guess.

>[1] http://marc.theaimsgroup.com/?l=selinux&m=112653995009765&w=2
>[2] http://serefpolicy.sourceforge.net
>[3] http://sepolicy-server.sourceforge.net/index.php?page=modules
>
>
Looks like some reading...

Dale Pontius
--
gentoo-hardened@g.o mailing list