Robert M. Marmorstein wrote:

>Thanks, Josh!
>
>That's helpful.
>
>>2) if the daemon has a policy dependent on it (e.g., apache-selinux) then
>>the policy will be installed to your policy dir (and backups are made)
>>but is not reloaded (and thus may have invalid contexts)
>>
>In other words, when I install a new package that needs access to certain
>types, the patches to the policy come in a separate "-selinux" package?
>
right

>I've been using Fedora Selinux, but want to get a Gentoo system up and
>running so I can compare them.
>
Gentoo's SELinux support and Fedora have very different goals. We, for
example, don't support workstations yet due to the complexity of the
added policy and security allowances required to run X.

>Are there portages that won't run under SELinux because they have no
>"-selinux" policy package?
>
there are plenty, in fact most won't, check out the packages in
/usr/portage/sec-policy to see which ones are currently supported,
we are always looking for policy writers to support new daemons for us.

Joshua Brindle

>Robert
>
>>Robert M. Marmorstein wrote:
>>
>>>Does the portage system patch my selinux policy on the fly as I install
>>>new executables?
>>>
>>>Thanks!
>>>
>>>Robert Marmorstein
>>>
>>>--
>>>gentoo-hardened@g.o mailing list
>>>
>>--
>>gentoo-hardened@g.o mailing list
>>

--
gentoo-hardened@g.o mailing list