[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-selinux-list
Subject: Re: Targeted strategy guidance needed
From: Stephen Smalley <sds () tycho ! nsa ! gov>
Date: 2006-03-31 13:13:17
Message-ID: 1143810797.24555.296.camel () moss-spartans ! epoch ! ncsc ! mil
[Download RAW message or body]
On Thu, 2006-03-30 at 15:31 -0500, Daniel J Walsh wrote:
> > Next, the delivered targeted policy doesn't constrain postfix (it seems to
> > reference postfix, but then aliases it to unconfined). Again, the Guide
> > suggests I could write new policy specifically for something like postfix,
> > in essence extending the targeted policy. Interestingly, I see that the
> > gentoo project has a whole bunch of SELinux policies available, including
> > one for postfix. A side question I have is: does it make sense to adapt/use
> > the policies available in the gentoo project to extend the targeted policy
> > for new processes, or is that a bad idea?
Adapting policies from Gentoo to RHEL4 is unlikely to be fruitful due to
divergence between their base policies, but there is already a postfix
policy in the upstream example and/or reference policy, and that is
included in Fedora Core 4 and later I believe. So you can use the
postfix policy from Fedora instead, with some modification.
--
Stephen Smalley
National Security Agency
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic