On Wednesday 17 August 2005 01:36, Rahul Sundaram <sundaram@xxxxxxxxxx> wrote: > * Hardened version of Fedora with strict or MLS policy by default That's been on my todo list for a while. I've got a kickstart configuration that converts the machine to strict policy in the %post so that the first boot does a relabel to the correct context. Doing the same thing with MLS would be quite easy. The next step would be a modification of the 6M isolinux image that is used for booting CDs and a modification of the equivalent image for USB mass storage devices so that a kickstart or NFS/HTTP install can proceed with full strict or MLS policy. Making a new CD1 image to do this would be easy enough technically, but distributing it would be a PITA. I can put a 6M kickstart CD image on my web server with no issue, but a 650M CD1 image would require using bittorrent (not impossible, just more effort). There are a few side projects that I will do as part of this. I am giving a talk to my local LUG on BitTorrent in the near future - hopefully that will get me a decent pool of people willing to use their bandwidth to help me out if I need to distribute CD images. I also plan to write some articles on kickstart as some of the KS things I'm doing are fairly tricky and are mostly undocumented. I may even get around to adding new features to system-config-kickstart to support software RAID-6 and LVM (as a general rule I only do install via kickstart). How much interest is there in these things? If you just want to say "I'm interested" then please use private mail. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
