Is there a SELinux tutorial for ISVs ?
Chad Hanson
chanson at TrustedCS.com
Thu Apr 28 18:29:11 UTC 2005
>
> This string of messages brings up something I wanted to get a
> conversation going on how to handle non OS Provided policy.
>
> We all know we need a better mechanism for handling "binary"
> policy in
> the future. ( I think the future is now.)
> I see three people providing policy.
>
I agree, as an ISV we need a way to add custom policy to support our
applications. We currently use a processed version to the policy to have
source modules until the binary modules are part of Fedora.
> 1. OS Provider with base policy. (It would also be nice if the base
> policy got broken into several policies and only the policy
> of the running service would be loaded. If we got to this state we
> would need a new mechanism for restoring file context since
> file_context might not meet the currently loaded policy.
>
> 2. Third Party application developers. As the use of targeted policy
> has begun to take off, Third Party ISV have started to question
> how they can play in this world.
>
Exactly, see statement above.
> I see Tresys Stuff solving the problems of both of the above.
>
> 3 Local User customization and minor policies. Currently we
> have people
Along with local user policy, there needs to be local network policy
customizations as well. This is required from an MLS perspective and I would
think be useful for TE network restrictions as well.
More information about the fedora-selinux-list
mailing list