| 1 |
Hi Stefan, |
| 2 |
|
| 3 |
Stefan SF wrote: |
| 4 |
> Hi, |
| 5 |
> |
| 6 |
> I've written a policy for ez-ipupdate (DynDNS) and guess it is not so secure as |
| 7 |
> I think ;-) Maybe I've opened a whole in the policy. |
| 8 |
> Here are the files: |
| 9 |
|
| 10 |
any daemon that starts out of the initrc_t must domain_auto_trans to a new domain. |
| 11 |
you might want to use the daemon_domain macro to accomplish that. |
| 12 |
|
| 13 |
get inspiration from other daemon policies. |
| 14 |
|
| 15 |
> What are your thoughts about the "allow initrc_t ..."? I don't know if they are |
| 16 |
> opening wholes in the system?! Maybe I should create a new type like |
| 17 |
> initrc_ezipupdate_t or something else. |
| 18 |
> What are your opinions about the policy? |
| 19 |
|
| 20 |
it has to be rewritten. |
| 21 |
|
| 22 |
bye, |
| 23 |
peter |
| 24 |
|
| 25 |
-- |
| 26 |
petre rodan |
| 27 |
<kaiowas@g.o> |
| 28 |
Developer, |
| 29 |
Hardened Gentoo Linux |
Archives