On Thu, 28 Apr 2005 11:54:30 -0400, Daniel J Walsh wrote:
> Anyways I think we need more discussion on handling third party and user
> customization of policy outside of the current make tree stuff.

Sorry for posting so late ... one thing I'd also like to see is some formal rules for policy compatibility.

For instance, if FC4 ships and says "Shared libraries with text relocations are no longer allowed by default" then this breaks things. If FC5 ships and now you need special tagging to connect to the X server, well .... (I don't know if this has actually happened or not yet but it seems to keep coming up)

It may be decided that it's an acceptable price to pay for the additional security, or it may not. I don't think that discussion should happen now. But I think ISVs would feel a lot more secure if this sort of decision appeared not to be arbitrary and if there was some way to plan and work with the OS base policy writers.

A basic system could be to have widely adopted (cross-distro) and documented security levels, i.e.:

Level 1: Basic targeted - opt-in, only affects daemons, no restrictions on anything else

Level 2: Targeted + additional restrictions, execshield enabled (i.e. this is not just an SELinux thing), apps which require special privs must have custom policy

Level 3: Strict

or something similar to that. This means users can adjust their security level to adapt to what programs they run, and ISVs can say "Minimum Requirements: Level 2 or lower security level".

thanks -mike