From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1PeV43-0007rU-M1 for garchives@archives.gentoo.org; Sun, 16 Jan 2011 16:02:47 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0F772E0ACC for ; Sun, 16 Jan 2011 16:02:46 +0000 (UTC) Received: from mail-ey0-f181.google.com (mail-ey0-f181.google.com [209.85.215.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 56F0BE0C78 for ; Sun, 16 Jan 2011 15:10:01 +0000 (UTC) Received: by eyh6 with SMTP id 6so2385788eyh.40 for ; Sun, 16 Jan 2011 07:10:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:date:from:to:subject:message-id :mime-version:content-type:content-disposition:user-agent; bh=9zXRw4F01R6L0tIn9y7y/NbjyD/y4imHSqna+oRaHEE=; b=lpPAVrcELjBKkdiVw+Q2t9egD0VLMJySsNBN7eAjlceaFyMx1be90v/0oXQaqCpBSK 1rG5XaEtPreB6w8B003YBRY33tIw75fuCl6hQUToxx0525Y0aJ0VQmceGutwyLJfrtJQ VkRs8WDv0N45pwsb4izfS6GDiPqIufl/UwyrI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=gXjzp7GIU+sDlnzCl3UHJW3y/0kwh49JDpj62W8eTZDBS398RzW1M6W9uJfm0VcW6k lPR619NTMoCD3qLVKVvv4pFlpOnIhqRnAcL30nmekmetdb9vHBhR17Mseev7IPXhKuOH mYo/rAXyCIDPUiY9hdxcWey46OaLXtjkG109k= Received: by 10.213.30.20 with SMTP id s20mr2734429ebc.15.1295190600528; Sun, 16 Jan 2011 07:10:00 -0800 (PST) Received: from siphos.be ([83.101.67.57]) by mx.google.com with ESMTPS id t50sm2781306eeh.0.2011.01.16.07.09.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 16 Jan 2011 07:09:59 -0800 (PST) Sender: Sven Vermeulen Date: Sun, 16 Jan 2011 16:09:50 +0100 From: Sven Vermeulen To: gentoo-hardened@lists.gentoo.org Subject: [gentoo-hardened] SELinux policy rules principles? Message-ID: <20110116150950.GA17577@siphos.be> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: 6cbb0181-e17e-4cd7-bad7-697599488dcd X-Archives-Hash: 80126b5c9fa8bd825594f1183deea06d Hi all, When writing security policies, it is important to first have a vision on how the security policies should be made. Of course, final vision should be with a systems' security administrator, but a distribution should give a first start for this. For the time being, Gentoo Hardened's policies are based upon the reference policy's implementation, but I can imagine that this will evolve further. The moment however we start adding policies ourselves (outside simple patching of the reference policy's implementation) we need to have some rules on what or how our rules should be made. One first principle that we might need to discuss about is what we want to allow in our policy. Do we want to allow all normal behavior (i.e. you use an application or server the way it is meant to and we make sure no denials are generated for this) but shield off abnormal behavior as much as possible (by rightly aligning domains and types)? Or do we want to allow just enough so that the applications function properly during regular operations, causing various denials to be in place still? And if we would opt for the latter, do we want to dontaudit those denials to keep the logging clean, or do we then expect the administrator to manage his own dontaudits? Wkr, Sven Vermeulen