Gábor Boskovits <boskov...@gmail.com> writes: >> > The resulting policy could then be used on GuixSD or any other system >> > that doesn’t have a full SELinux configuration. >> > > I looked around a little, and it seems, that at least Fedora and Debian > has their base policies originated from SELinux reference policy: > https://github.com/TresysTechnology/refpolicy/wiki > > I guess it would be nice to investigate how we could adopt this to GuixSD. > WDYT?
Indeed. I didn’t know about the reference policy. We could take parts of it and define an SELinux system service that applies it on boot. -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net
