On Thu, 2006-03-30 at 15:31 -0500, Daniel J Walsh wrote:
> Next, the delivered targeted policy doesn't constrain
postfix (it seems to
> reference postfix, but then aliases it to unconfined). Again, the Guide
> suggests I could write new policy specifically for something like postfix,
> in essence extending the targeted policy. Interestingly, I see that the
> gentoo project has a whole bunch of SELinux policies available, including
> one for postfix. A side question I have is: does it make sense to adapt/use
> the policies available in the gentoo project to extend the targeted policy
> for new processes, or is that a bad idea?
Adapting policies from Gentoo to RHEL4 is unlikely to be fruitful due to
divergence between their base policies, but there is already a postfix
policy in the upstream example and/or reference policy, and that is
included in Fedora Core 4 and later I believe. So you can use the
postfix policy from Fedora instead, with some modification.
--
Stephen Smalley
National Security Agency