1 |
Hi Stefan, |
2 |
|
3 |
Stefan SF wrote: |
4 |
> Hi, |
5 |
> |
6 |
> I've written a policy for ez-ipupdate (DynDNS) and guess it is not so secure as |
7 |
> I think ;-) Maybe I've opened a whole in the policy. |
8 |
> Here are the files: |
9 |
|
10 |
any daemon that starts out of the initrc_t must domain_auto_trans to a new domain. |
11 |
you might want to use the daemon_domain macro to accomplish that. |
12 |
|
13 |
get inspiration from other daemon policies. |
14 |
|
15 |
> What are your thoughts about the "allow initrc_t ..."? I don't know if they are |
16 |
> opening wholes in the system?! Maybe I should create a new type like |
17 |
> initrc_ezipupdate_t or something else. |
18 |
> What are your opinions about the policy? |
19 |
|
20 |
it has to be rewritten. |
21 |
|
22 |
bye, |
23 |
peter |
24 |
|
25 |
-- |
26 |
petre rodan |
27 |
<kaiowas@g.o> |
28 |
Developer, |
29 |
Hardened Gentoo Linux |