| 1 |
On 06/15/2011 01:45 PM, Sven Vermeulen wrote: |
| 2 |
|
| 3 |
> So... ideas? Do we want to "keep it simple" and update the apache policy to |
| 4 |
> support nginx? Or do we want to stay "least privilege" and have dedicated |
| 5 |
> rules for applications? |
| 6 |
> |
| 7 |
|
| 8 |
I'm only slowly coming around to policy development, but from my selinux |
| 9 |
days, I remember continuously tweaking towards least privilege. We |
| 10 |
could start with a clone of the apache policies and start tweaking |
| 11 |
those. Possibly submit upstream as long as we conform to their |
| 12 |
development guidelines. |
| 13 |
|
| 14 |
I have some concern that lumping apache and nginx together may cause |
| 15 |
tension between the needs of both packages. But seeing as I never used |
| 16 |
nginx, my concern may be unfounded. |
| 17 |
|
| 18 |
Also, we don't have policies exclusively for lighttpd. Do you know how |
| 19 |
that fits in? |
| 20 |
|
| 21 |
-- |
| 22 |
Anthony G. Basile, Ph.D. |
| 23 |
Gentoo Linux Developer [Hardened] |
| 24 |
E-Mail : blueness@g.o |
| 25 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 26 |
GnuPG ID : D0455535 |
Archives