On Tue, May 29, 2012 10:23, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 05/28/2012 11:54 AM, James B. Byrne wrote: >> We are in the process of examining whether it is possible to >> create a local policy for Passenger which will allow it to >> run in enforcing mode but not open the system to other >> exploits. We would like to know if there is any on-line venue >> where the security aspects of specific policy elements >> might be discussed. >> >> Is there such a resource? If so, can anyone here provide the >> reference? >> >> > Why not just email to refpolicy list the rules you want to allow > along with the AVC's. If there is security info you do not want > to reveal, I would be willing to look at them. Thank you. The refpolicy list is the reference I was seeking. I will inquire there. We have no unusually sensitive security issues with revealing the avcs and recommended policies. At the present time the server is running in permissive mode so any action which offers us the hope of setting it to enforcing is a step in the right direction. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
