1 |
Hi.... I've not really delved into SELinux much.... but my guess would be |
2 |
that you wouldn't want a policy that covers unnecessary aspects (e.g. |
3 |
sudo) if they're not installed on your machine... |
4 |
|
5 |
$ eix selinux | grep sudo |
6 |
* sec-policy/selinux-sudo |
7 |
Description: SELinux policy for sudo |
8 |
|
9 |
As you stated, they can be installed via modules...why not just emerge |
10 |
what you need? |
11 |
|
12 |
Not a very helpful response, I know... sorry. =) |
13 |
|
14 |
You may want to look at the "targeted" policy... IIRC, that's where |
15 |
SELinux was heading toward... |
16 |
|
17 |
|
18 |
Public GPG/PGP key for Brant Williams: 0x88E1AA9E. |
19 |
Available at your friendly local public keyserver. |
20 |
|
21 |
|
22 |
|
23 |
On Sat, 9 Jun 2007, Krzysztof Koz~Bowski wrote: |
24 |
|
25 |
> Hello |
26 |
> |
27 |
> I am trying to understand SELinux (and SELinux@Gentoo). I looked at |
28 |
> "sec-policy/selinux-sudo-20070329" and it seems that this ebuild does not |
29 |
> compile anything new. It just uses files from "Reference Policy" and builds |
30 |
> from it module sudo.pp. |
31 |
> |
32 |
> The questions are: |
33 |
> Why "sec-policy/selinux-base-policy" does not include policy rules for some |
34 |
> programs/services (like sudo)? Why "sec-policy/selinux-base-policy" does not |
35 |
> compile all of modules? |
36 |
> |
37 |
> It seems that base.pp from selinux-base-policy does not have many modules from |
38 |
> reference policy. Some of them can be installed by different ebuild but some |
39 |
> can't (it seems that base.pp does not contain e.g. logwatch policy rules). |
40 |
> This is on purpose? |
41 |
> |
42 |
> |
43 |
> |
44 |
> -- |
45 |
> Krzysztof Kozłowski |
46 |
> http://www.kozik.net.pl |
47 |
> |
48 |
> |
49 |
> -- |
50 |
> gentoo-hardened@g.o mailing list |
51 |
> |
52 |
> |