From: Ricardo Wurmus
Subject: Re: [PATCH] Add SELinux policy for guix-daemon.
Date: Fri, 16 Feb 2018 16:58:10 +0100
Message-ID: <8737216i5p.fsf@elephly.net>
To: Gábor Boskovits
Cc: guix-devel, Ricardo Wurmus

Gábor Boskovits writes:

>> > The resulting policy could then be used on GuixSD or any other system
>> > that doesn’t have a full SELinux configuration.
>> >
> I looked around a little, and it seems that at least Fedora and Debian
> have their base policies originated from SELinux reference policy:
> https://github.com/TresysTechnology/refpolicy/wiki
>
> I guess it would be nice to investigate how we could adopt this to GuixSD.
> WDYT?

Indeed. I didn’t know about the reference policy. We could take parts
of it and define an SELinux system service that applies it on boot.

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net