Mailinglist Archive: opensuse-factory (279 mails)

[Greg KH <gregkh@xxxxxxx>]

On Sat, Mar 21, 2009 at 06:20:08PM +0100, Stephan Kleine wrote:
> Hi list.
>
> As you probably know openSUSE 11.1 comes enabled for SELinux but
> without policies (
> http://news.opensuse.org/2008/08/20/opensuse-to-add-selinux-basic-enablement-in-111/
> ) which makes it pretty much useless if one doesn't write all the
> profiles oneself (which is kinda unlikely).
>
> I would like to suggest to provide profiles & tools as well so SELinux
> becomes fully usable out of the box. Considering that we currently
> have 7+ months until the 11.2 release it at least should be possible
> to get started (as in not covering 100% of all applications which
> could wait till 11.3 ;D).
>
> However, since it is a pretty complex field with which not very many
> people familiar, the foundation probably has to be laid by a few folks
> who should know that stuff from the inside out (e.g. the security
> team). Once the foundation is laid policies could be added step by
> step even by people who aren't absolute experts in that field
> (needless to say that those have to be thoroughly reviewed). Testing
> certainly can be done by all as well.
>
> To get started it might probably help to have a look at the RHEL &
> Fedora policies since they use SELinux for quite some time and most
> likely learnt more than just a thing or two during this time.
>
> I'm aware that it still would amount to quite some work but the sooner
> it starts the earlier it is done. Last but not least it's probably
> superfluous to say that your SLE customers would love working policies
> as well ;D
>
> So, what do you think?

That would be wonderful to have, are you willing to start creating these
policies for others to work off of?

thanks,

greg k-h
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx