Subject: Re: SE Linux vs SE NetBSD !!
To: Travis H. <solinym@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 08/29/2006 23:26:32
Travis H. wrote:
> On 8/29/06, Andrew Reilly <andrew-netbsd@areilly.bpc-users.org> wrote:
>> How can someone else write my security policy for me?
> 
> Well, I think "security policy" is an overloaded term, so let's talk about
> "SELinux policy".
> 
> For example, we know in advance that sendmail will write to mail spool
> files in /var/spool/mail.  And that it binds to TCP port 25.  And to fork
> off certain programs.  And so on.  So we give sendmail permission to just
> do those things, and nothing else.  Sendmail does not usually need to
> spawn xterm.
> 
> Now, you may run sendmail on port 8025, in which case you might have to
> modify the policy.  I found that it was necessary to load a new policy
> module to enable procmail and some utilities that it spawns.  But so far
> that's all I've had to do.

And why is SELinux required for the above?

> For the most part, the code defines the allowable actions, and one can do a
> static analysis, or run it in permissive mode for a while to document the
> system calls it uses at run-time.

Like in systrace? (see 'systrace -A' too)

-e.

-- 
Elad Efrat
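
The permissive-mode approach mentioned in the quoted text, as an added example that is not part of the original message: a Python sketch that turns AVC denial records logged in permissive mode into candidate `allow` rules, in the way audit2allow does. The log lines and the type names in them (`sendmail_t`, `procmail_exec_t`, `port_t`, `mail_spool_t`) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of permissive-mode audit records (not from a real system).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1156893992.101:41): avc:  denied  { name_bind } for  pid=812 comm="sendmail" src=8025 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1156893993.220:42): avc:  denied  { execute } for  pid=815 comm="sendmail" name="procmail" dev=sda1 ino=4411 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
type=AVC msg=audit(1156893993.221:43): avc:  denied  { read execute } for  pid=815 comm="sendmail" name="procmail" dev=sda1 ino=4411 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:procmail_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1156893993.221:43): arch=40000003 syscall=11 success=yes exit=0
type=AVC msg=audit(1156893999.004:50): avc:  granted  { write } for  pid=812 comm="sendmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
"""

# Match only "denied" AVC records; "granted" and non-AVC records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def rules_from_denials(log_text):
    """Merge denials per (source type, target type, class) into allow rules."""
    wanted = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # A context is user:role:type[:level]; policy rules name the type.
        src = m["scon"].split(":")[2]
        tgt = m["tcon"].split(":")[2]
        wanted[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(wanted.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in rules_from_denials(SAMPLE_AUDIT_LOG):
        print(rule)
```

The output is a list of candidates to review before loading, since a permissive-mode log records everything the program did during the observation window, including anything it should not have been doing.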