1 |
Good evening, |
2 |
|
3 |
On Wed, Nov 26, 2003 at 05:38:45PM -0800, Tad wrote: |
4 |
> I'm working on creating policy files for daemontools, ucspi-tcp and qmail. |
5 |
> |
6 |
> There are already qmail.te and qmail.fc files available from the NSA's |
7 |
> policy-1.2, so I'll be using that as a base. |
8 |
> |
9 |
> Has anyone done this already, or maybe working on it? I don't want do |
10 |
> duplicate effort if I can avoid it. |
11 |
> |
12 |
> -Tad |
13 |
> |
14 |
|
15 |
have a look at |
16 |
http://team.rav.ro/peter/policy.tar.gz |
17 |
|
18 |
you'll find test policies for daemontools, clockspeed, publicfile and different MUAs. |
19 |
the qmail policy is the NSA one, but I had to make a few changes to it. |
20 |
|
21 |
the thing is these are only test policies, and they will definitely not work before you change them a little. |
22 |
|
23 |
I have left svc to run in the initrc_t context because I've felt that initrc's role is pretty much the same as the daemontools's one, so this inheritance can't hurt. |
24 |
|
25 |
|
26 |
bye, |
27 |
peter |
28 |
|
29 |
|
30 |
-- |
31 |
gentoo-hardened@g.o mailing list |