1 |
On 06/15/2011 01:45 PM, Sven Vermeulen wrote: |
2 |
|
3 |
> So... ideas? Do we want to "keep it simple" and update the apache policy to |
4 |
> support nginx? Or do we want to stay "least privilege" and have dedicated |
5 |
> rules for applications? |
6 |
> |
7 |
|
8 |
I'm only slowly coming around to policy development, but from my selinux |
9 |
days, I remember continuously tweaking towards least privilege. We |
10 |
could start with a clone of the apache policies and start tweaking |
11 |
those. Possibly submit upstream as long as we conform to their |
12 |
development guidelines. |
13 |
|
14 |
I have some concern that lumping apache and nginx together may cause |
15 |
tension between the needs of both packages. But seeing as I never used |
16 |
nginx, my concern may be unfounded. |
17 |
|
18 |
Also, we don't have policies exclusively for lighttpd. Do you know how |
19 |
that fits in? |
20 |
|
21 |
-- |
22 |
Anthony G. Basile, Ph.D. |
23 |
Gentoo Linux Developer [Hardened] |
24 |
E-Mail : blueness@g.o |
25 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
26 |
GnuPG ID : D0455535 |