Tom "spot" Callaway wrote:
> On Tue, 2007-05-22 at 12:52 -0400, Daniel J Walsh wrote:
>> If it runs as root, it should drop capabilities that it does not need,
>> and it should have an SELinux policy to confine it. Of course if it
>> runs as non-root, it should have an SELinux policy to confine it.
>> These are shoulds not musts.
>
> Dan, is there a simple guide for packagers on how to make SELinux policy
> for these cases?
>
> Also, is it possible to package policy as part of an application, or do
> changes still need to go in the master policy package?
>
> ~spot
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
I am writing up a guide on writing policy for Red Hat Magazine. I have
a presentation on this at
http://people.redhat.com/dwalsh/SELinux/Presentations/PolicyGeneration.pdf
The latest policycoreutils-gui has a new tool (polgengui), which is
launchable from system-config-selinux to help you build a policy.
As far as shipping policy inside of RPM,
http://fedoraproject.org/wiki/PackagingDrafts/SELinux
is the best we have right now.
Dan
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly