Targeted strategy guidance needed
Stephen Smalley
sds at tycho.nsa.gov
Fri Mar 31 13:13:17 UTC 2006
On Thu, 2006-03-30 at 15:31 -0500, Daniel J Walsh wrote:
> > Next, the delivered targeted policy doesn't constrain postfix (it seems to
> > reference postfix, but then aliases it to unconfined). Again, the Guide
> > suggests I could write new policy specifically for something like postfix,
> > in essence extending the targeted policy. Interestingly, I see that the
> > gentoo project has a whole bunch of SELinux policies available, including
> > one for postfix. A side question I have is: does it make sense to adapt/use
> > the policies available in the gentoo project to extend the targeted policy
> > for new processes, or is that a bad idea?
Adapting policies from Gentoo to RHEL4 is unlikely to be fruitful due to
divergence between their base policies, but there is already a postfix
policy in the upstream example and/or reference policy, and that is
included in Fedora Core 4 and later I believe. So you can use the
postfix policy from Fedora instead, with some modification.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list