Re: Targeted strategy guidance needed

Friday, 31 March 2006


On Thu, 2006-03-30 at 15:31 -0500, Daniel J Walsh wrote:
...
 > Next, the delivered targeted policy doesn't constrain
postfix (it seems to
 > reference postfix, but then aliases it to unconfined). Again, the Guide
 > suggests I could write new policy specifically for something like postfix,
 > in essence extending the targeted policy. Interestingly, I see that the
 > gentoo project has a whole bunch of SELinux policies available, including
 > one for postfix. A side question I have is: does it make sense to adapt/use
 > the policies available in the gentoo project to extend the targeted policy
 > for new processes, or is that a bad idea? 
Adapting policies from Gentoo to RHEL4 is unlikely to be fruitful due to
divergence between their base policies, but there is already a postfix
policy in the upstream example and/or reference policy, and that is
included in Fedora Core 4 and later I believe.  So you can use the
postfix policy from Fedora instead, with some modification.

-- 
Stephen Smalley
National Security Agency

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: Targeted strategy guidance needed