Hi all,
When writing security policies, it is important to first have a vision on
how the security policies should be made. Of course, final vision should be
with a systems' security administrator, but a distribution should give a
first start for this.
For the time being, Gentoo Hardened's policies are based upon the reference
policy's implementation, but I can imagine that this will evolve further.
The moment however we start adding policies ourselves (outside simple
patching of the reference policy's implementation) we need to have some
rules on what or how our rules should be made.
One first principle that we might need to discuss about is what we want to
allow in our policy. Do we want to allow all normal behavior (i.e. you use
an application or server the way it is meant to and we make sure no denials
are generated for this) but shield off abnormal behavior as much as possible
(by rightly aligning domains and types)? Or do we want to allow just enough
so that the applications function properly during regular operations,
causing various denials to be in place still?
And if we would opt for the latter, do we want to dontaudit those denials to
keep the logging clean, or do we then expect the administrator to manage his
own dontaudits?
Wkr,
Sven Vermeulen
