Integrating into Fedora/SELinux
Karsten Wade
kwade at redhat.com
Tue Feb 9 22:13:04 UTC 2010
On Tue, Feb 09, 2010 at 02:35:38PM -0500, Scott Salley wrote:
> I work for Likewise (www.likewise.com) and we create software for
> integrating Linux/Unix machines into Active Directory.
>
>
>
> We'd like our software (Likewise Open) to get into the next Fedora
> release (which may or may not be possible), but are unsure of how to
> work with SELinux and the targeted policy.
Dan Walsh and the rest of the SELinux developers are good at working
with people on developing policy.
A quick moment for definitions -- the Fedora numbered release gives us
a rhythm as a community, but your software in the Fedora repo is going
to be there when it gets there, even if that day were after the next
Fedora numbered release. That said, if you are going to make a run
for Fedora 13, you should create a feature page for Likewise Open.
https://fedoraproject.org/wiki/Features
https://fedoraproject.org/wiki/Features/Policy
The feature process is a way to keep track of interesting things timed
to arrive with a release. If you follow the process, which includes
defining your own success criteria (i.e., what is the 100% remark),
you get increased exposure from
> 1. How precisely defined does the targeted policy require us to
> label the interactions of our many daemons? We have one daemon (lsassd)
> that is commonly used by other processes for authentication and another
> daemon (lwsmd) for managing daemons. But several of the daemons just
> provide services to other daemons and I'm not sure if they can all be
> grouped into the same domain.
>
> 2. How do we verify that we have a 'good' policy?
>
> 3. How do we get the SELinux policy updated with changes?
While I'd selfishly love to keep the discussion on this list :), I
think the better one is here:
https://admin.fedoraproject.org/mailman/listinfo/selinux
All of your questions are exactly what that list is for. Please keep
us updated here about your progress. (I'm on that list, fwiw.)
- Karsten
--
name: Karsten 'quaid' Wade, Sr. Community Gardener
team: Red Hat Community Architecture
uri: http://quaid.fedorapeople.org
gpg: AD0E0C41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/isv-sig/attachments/20100209/8a1c647a/attachment.bin
More information about the isv-sig
mailing list