| 1 |
Hi.... I've not really delved into SELinux much.... but my guess would be |
| 2 |
that you wouldn't want a policy that covers unnecessary aspects (e.g. |
| 3 |
sudo) if they're not installed on your machine... |
| 4 |
|
| 5 |
$ eix selinux | grep sudo |
| 6 |
* sec-policy/selinux-sudo |
| 7 |
Description: SELinux policy for sudo |
| 8 |
|
| 9 |
As you stated, they can be installed via modules...why not just emerge |
| 10 |
what you need? |
| 11 |
|
| 12 |
Not a very helpful response, I know... sorry. =) |
| 13 |
|
| 14 |
You may want to look at the "targeted" policy... IIRC, that's where |
| 15 |
SELinux was heading toward... |
| 16 |
|
| 17 |
|
| 18 |
Public GPG/PGP key for Brant Williams: 0x88E1AA9E. |
| 19 |
Available at your friendly local public keyserver. |
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
On Sat, 9 Jun 2007, Krzysztof Koz~Bowski wrote: |
| 24 |
|
| 25 |
> Hello |
| 26 |
> |
| 27 |
> I am trying to understand SELinux (and SELinux@Gentoo). I looked at |
| 28 |
> "sec-policy/selinux-sudo-20070329" and it seems that this ebuild does not |
| 29 |
> compile anything new. It just uses files from "Reference Policy" and builds |
| 30 |
> from it module sudo.pp. |
| 31 |
> |
| 32 |
> The questions are: |
| 33 |
> Why "sec-policy/selinux-base-policy" does not include policy rules for some |
| 34 |
> programs/services (like sudo)? Why "sec-policy/selinux-base-policy" does not |
| 35 |
> compile all of modules? |
| 36 |
> |
| 37 |
> It seems that base.pp from selinux-base-policy does not have many modules from |
| 38 |
> reference policy. Some of them can be installed by different ebuild but some |
| 39 |
> can't (it seems that base.pp does not contain e.g. logwatch policy rules). |
| 40 |
> This is on purpose? |
| 41 |
> |
| 42 |
> |
| 43 |
> |
| 44 |
> -- |
| 45 |
> Krzysztof Kozłowski |
| 46 |
> http://www.kozik.net.pl |
| 47 |
> |
| 48 |
> |
| 49 |
> -- |
| 50 |
> gentoo-hardened@g.o mailing list |
| 51 |
> |
| 52 |
> |
Archives