Hi,

Tóth Attila wrote:
> I'm about to set up a new box. It'll run Hardened Gentoo (surprise!) - what
> else?
> Besides providing usual services (ssh, mail, etc.), it would also function
> as a (uhm..) desktop (i know, i know...).
> I'm hesitating between Grsec and SELinux.
> I'm already quite familiar with Grsec, but I have just some limited
> knowledge and experience on SELinux. IMHO, a regular desktop system should
> also have effective security features enforced nowadays.
> Is anybody running xorg on an SELinux box (i know, i know)?
>
> Are there any working policies for, or has anybody ever successfully used
> the following list of daemons?
> sendmail
> dovecot
> (cyrus-imapd?)

not sure about sendmail as I don't use it, but the other two don't have a gentoo policy.
there is policy available for them on the selinux.sf.net CVS. a quick view here:

http://dev.gentoo.org/~kaiowas/policy/nsa/domains/program/unused/cyrus.te
http://dev.gentoo.org/~kaiowas/policy/nsa/domains/program/unused/dovecot.te
http://dev.gentoo.org/~kaiowas/policy/nsa/file_contexts/program/cyrus.fc
http://dev.gentoo.org/~kaiowas/policy/nsa/file_contexts/program/dovecot.fc

> spamd
> clamd

I use these two on a production server so their policy should be up-to-date.
courier-imap is also supported if you hesitate about cyrus-imapd.

> BTW, which MTA suit would you recommend to use with SELinux?

we have policy for qmail and postfix

> Should I stick to my good old Grsec RBAC policy if I hope for desktop
> functionality?

some have reported success with the not-yet-supported x11 policy. you can test it to see if it fits

http://dev.gentoo.org/~kaiowas/distfiles/selinux-x11-[get_the_latest]

bye,
peter

-- 
petre rodan
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux