Gentoo Archives: gentoo-hardened

From: Joshua Brindle <method@g.o>
To: "Robert M. Marmorstein" <rmmarm@×××××.EDU>
Cc: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Portage System
Date: Tue, 27 Jul 2004 21:01:42
Message-Id: 4106C2A6.3040803@gentoo.org

Robert M. Marmorstein wrote:

>Thanks, Josh!
>
>That's helpful.
>
>>2) if the daemon has a policy dependent on it (e.g., apache-selinux) then
>>the policy will be installed to your policy dir (and backups are made)
>>but is not reloaded (and thus may have invalid contexts)
>>
>
>In other words, when I install a new package that needs access to certain
>types, the patches to the policy come in a separate "-selinux" package?
>

right

>I've been using Fedora Selinux, but want to get a Gentoo system up and
>running so I can compare them.
>

Gentoo's SELinux support and Fedora have very different goals. We, for
example, don't support workstations yet due to the complexity of the
added policy and security allowances required to run X.

>Are there portages that won't run under SELinux because they have no
>"-selinux" policy package?
>

there are plenty, in fact most won't, check out the packages in
/usr/portage/sec-policy to see which ones are currently supported,
we are always looking for policy writers to support new daemons for us.

Joshua Brindle

>Robert
>
>>Robert M. Marmorstein wrote:
>>
>>>Does the portage system patch my selinux policy on the fly as I install
>>>new executables?
>>>
>>>Thanks!
>>>
>>>Robert Marmorstein
>>>
>>>--
>>>gentoo-hardened@g.o mailing list
>>>
>>--
>>gentoo-hardened@g.o mailing list
>>
>

--
gentoo-hardened@g.o mailing list