On Sat, Mar 21, 2009 at 06:20:08PM +0100, Stephan Kleine wrote:
Hi list.
As you probably know openSUSE 11.1 comes enabled for SELinux but without policies ( http://news.opensuse.org/2008/08/20/opensuse-to-add-selinux-basic-enablement... ) which makes it pretty much useless if one doesn't write all the profiles oneself (which is kinda unlikely).
I would like to suggest to provide profiles & tools as well so SELinux becomes fully usable out of the box. Considering that we currently have 7+ months until the 11.2 release it at least should be possible to get started (as in not covering 100% of all applications which could wait till 11.3 ;D).
However, since it is a pretty complex field with which not very many people familiar, the foundation probably has to be laid by a few folks who should know that stuff from the inside out (e.g. the security team). Once the foundation is laid policies could be added step by step even by people who aren't absolute experts in that field (needless to say that those have to be thoroughly reviewed). Testing certainly can be done by all as well.
To get started it might probably help to have a look at the RHEL & Fedora policies since they use SELinux for quite some time and most likely learnt more than just a thing or two during this time.
I'm aware that it still would amount to quite some work but the sooner it starts the earlier it is done. Last but not least it's probably superfluous to say that your SLE customers would love working policies as well ;D
So, what do you think?
That would be wonderful to have, are you willing to start creating these policies for others to work off of? thanks, greg k-h -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org