| 1 |
Good evening, |
| 2 |
|
| 3 |
On Wed, Nov 26, 2003 at 05:38:45PM -0800, Tad wrote: |
| 4 |
> I'm working on creating policy files for daemontools, ucspi-tcp and qmail. |
| 5 |
> |
| 6 |
> There are already qmail.te and qmail.fc files available from the NSA's |
| 7 |
> policy-1.2, so I'll be using that as a base. |
| 8 |
> |
| 9 |
> Has anyone done this already, or maybe working on it? I don't want do |
| 10 |
> duplicate effort if I can avoid it. |
| 11 |
> |
| 12 |
> -Tad |
| 13 |
> |
| 14 |
|
| 15 |
have a look at |
| 16 |
http://team.rav.ro/peter/policy.tar.gz |
| 17 |
|
| 18 |
you'll find test policies for daemontools, clockspeed, publicfile and different MUAs. |
| 19 |
the qmail policy is the NSA one, but I had to make a few changes to it. |
| 20 |
|
| 21 |
the thing is these are only test policies, and they will definitely not work before you change them a little. |
| 22 |
|
| 23 |
I have left svc to run in the initrc_t context because I've felt that initrc's role is pretty much the same as the daemontools's one, so this inheritance can't hurt. |
| 24 |
|
| 25 |
|
| 26 |
bye, |
| 27 |
peter |
| 28 |
|
| 29 |
|
| 30 |
-- |
| 31 |
gentoo-hardened@g.o mailing list |
Archives