From: Sven Vermeulen
To: gentoo-hardened@lists.gentoo.org
Date: Mon, 22 Aug 2011 21:05:55 +0000
Subject: Re: [gentoo-hardened] SELinux base policy r2 in hardened-dev overlay
Message-ID: <20110822210555.GA10068@gentoo.org>

On Mon, Aug 22, 2011 at 11:00:16PM +0200, Radosław Smogura wrote:
> Maybe a better idea will be to move one level up, and instead of working with
> domain templates we should create role templates. I generally like the idea of
> roles, and I think it may be a nice solution that an administrator may give
> someone the dba_admin role.
>
> So templates should not only create domains, but roles too.
>
> I may try to write a few such templates.

That's perfectly possible. The reference policy contains a few default roles,
but additional roles might always be submitted. However, for inclusion in
Gentoo, please know that we try to follow the reference policy. So if you are
writing roles, it is best to contribute them there:
http://oss.tresys.com/projects/refpolicy

That being said, most of the time roles are "fed" with the proper templates
(you have _role or _run templates to execute applications, or _admin templates
to manage daemons).

Perhaps it would be better if someone drafts up a nice document on how to
create your own roles (and maintain them)?

Wkr,
Sven Vermeulen