Is there a SELinux tutorial for ISVs ?
Mike Hearn
mike at navi.cx
Wed Apr 27 23:10:30 UTC 2005
On Wed, 27 Apr 2005 14:53:25 +0200, Davide Bolcioni wrote:
> Greetings,
> I was looking for directions about how would an ISV rool own policy for
> the packages it ships. A very basic and step-by-step tutorial, for tiny
> minds :-)
I don't think there is any such document. Right now you can't distribute
policy anyway:
- The binary policy modules framework isn't fully deployed yet, or at
least that's the impression I got last time I talked to the author
- There are no formal policy compatibility ... er ... policies, between
distributions as far as I'm aware. So the meaning of a given bit of
policy might change depending on the distributions specific
implementation.
What exactly are your goals? Do you want to lock down your own program or
is this more about compatibility?
I'm pretty interested in letting Linux software developers ship policy as
part of their own binary packages to allow for better lockdown/least priv
on systems that support it but I don't think the technology is there yet.
thanks -mike
More information about the fedora-selinux-list
mailing list