From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3396-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QYJlk-0002C2-T5
	for garchives@archives.gentoo.org; Sun, 19 Jun 2011 15:18:37 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 4FC991C08D;
	Sun, 19 Jun 2011 15:16:20 +0000 (UTC)
Received: from mail-ew0-f53.google.com (mail-ew0-f53.google.com [209.85.215.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id EB1621C08D
	for <gentoo-hardened@lists.gentoo.org>; Sun, 19 Jun 2011 15:16:19 +0000 (UTC)
Received: by ewy8 with SMTP id 8so978198ewy.40
        for <gentoo-hardened@lists.gentoo.org>; Sun, 19 Jun 2011 08:16:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:sender:date:from:to:subject:message-id
         :references:mime-version:content-type:content-disposition
         :in-reply-to:user-agent;
        bh=u1yBGszpcTBL21c8NXAwSmFW6M5XNNdjmffOWmjESN8=;
        b=t+tMVb358/mrIEqekhlrkZA3TTk84M407PDexYGrx6fKrtBhMmyeTki3xC4L7vBiyq
         hubOek1TLe6CH8UlMb2S7skYubliakxy6dbrWRet5kl0wPwx73kZjGKsZ71dOnzoIb/n
         AI0mbwZu8TbYo6ExCzSrILioCjlZBgrZro9ck=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=sender:date:from:to:subject:message-id:references:mime-version
         :content-type:content-disposition:in-reply-to:user-agent;
        b=hMFU7YID03CmBcp1GRogbD2L35GXbOiDXzMfBBtwXf43Gern+vZgiw9V7p0F01dM4d
         nskglQ+vvTwQ6UGlB6oP4ic13RqZUQ0IRMh8po0vV9sd+ZH5MCfgiE5bnGn0vaMnxb/E
         W4e6ES7SN90FZYIuk7DL27LCmLLwzqGrfGyfs=
Received: by 10.213.3.14 with SMTP id 14mr1528253ebl.28.1308496579049;
        Sun, 19 Jun 2011 08:16:19 -0700 (PDT)
Received: from siphos.be ([83.101.67.57])
        by mx.google.com with ESMTPS id q16sm102574eef.21.2011.06.19.08.16.17
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 19 Jun 2011 08:16:17 -0700 (PDT)
Sender: Sven Vermeulen <sven.j.vermeulen@gmail.com>
Date: Sun, 19 Jun 2011 17:15:07 +0200
From: Sven Vermeulen <sven.vermeulen@siphos.be>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SELinux policy for nginx, or include in apache?
Message-ID: <20110619151507.GA4651@siphos.be>
References: <20110615174526.GA18549@siphos.be>
 <4DF950E1.9090104@gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4DF950E1.9090104@gentoo.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 
X-Archives-Hash: 0cb5c68104946e5870825da69744312e

On Wed, Jun 15, 2011 at 08:40:01PM -0400, Anthony G. Basile wrote:
[...]
> Also, we don't have policies exclusively for lighttpd.  Do you know how
> that fits in?

It's completely covered by sec-policy/selinux-apache. The httpd_t domain
works pretty well with lighttpd (running it here) and contains the necessary
file context definitions specific for lighttpd.

Wkr,
	Sven Vermeulen