On Wed, 2006-01-25 at 12:56 +0100, Mivz wrote:
> I would like some comment on the policy, what can I do better.
> Is this an odd or nonstandard daemon configuration, or could it be
> integrated in the portage tree?
> I would be interested in maintaining this policy myself.

If heimdal is supposed to work with LDAP, then it's not nonstandard.
Nonstandard means moving file locations or gluing two programs together
that aren't normally associated with each other.  As for the rules, they
seem reasonable except for the two rules I listed below, which are odd
since they deal with a user domain.  It can't be integrated into portage
as we're working on switching over to reference policy [1], which has a
new organization.

[1] http://marc.theaimsgroup.com/?l=gentoo-hardened&m=113433863728029&w=2

> plain text document attachment (heimdal-LDAP.te)

> #/tmp/krb5cc
> allow user_t local_login_tmp_t:file { read lock append };
> 
> #Needed for whoami / id to work. Else: "I have no name!" for ldap users.
> allow user_t nscd_var_run_t:dir search;

-- 
Chris PeBenito
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243
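
The reply's review point is that two of the attached rules have a user domain (user_t) as their source, which is odd in a policy written for a daemon. The following is an added example, not part of the thread or of the heimdal-LDAP.te policy: a small Python linter that parses SELinux TE `allow` rules and flags those whose source is an interactive user domain. The sample policy embeds the two rules quoted above plus two hypothetical kdc_t rules for contrast; the set of user domains (user_t, staff_t, sysadm_t) is an assumption based on the strict policy of that era, not something the message states.

```python
import re

# Constructed sample: the two rules quoted in the thread, followed by two
# hypothetical daemon-domain rules (kdc_t) added here for contrast.
SAMPLE_POLICY = """\
#/tmp/krb5cc
allow user_t local_login_tmp_t:file { read lock append };

#Needed for whoami / id to work. Else: "I have no name!" for ldap users.
allow user_t nscd_var_run_t:dir search;

# hypothetical daemon rules, not from the original policy
allow kdc_t krb5kdc_conf_t:file { read getattr };
allow kdc_t kdc_port_t:udp_socket name_bind;
"""

# Assumption: the interactive user domains of the strict policy. A daemon
# policy normally has no business granting permissions to these.
USER_DOMAINS = {"user_t", "staff_t", "sysadm_t"}

# allow <source> <target>:<class> { perm perm ... };   or
# allow <source> <target>:<class> perm;
ALLOW_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^:\s]+):(?P<cls>\S+)\s+"
    r"(?:\{\s*(?P<perms>[^}]*)\}|(?P<perm>\S+?))\s*;\s*$"
)


def parse_allow_rules(text):
    """Return a list of (source, target, class, sorted permissions) tuples.

    Comments (from '#' to end of line) are stripped first; lines that are not
    single-line allow rules are ignored.
    """
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = ALLOW_RE.match(line)
        if not m:
            continue
        if m.group("perms") is not None:
            perms = sorted(m.group("perms").split())
        else:
            perms = [m.group("perm")]
        rules.append((m.group("src"), m.group("tgt"), m.group("cls"), perms))
    return rules


def user_domain_rules(text, user_domains=USER_DOMAINS):
    """Rules whose source domain is a user domain: the review point from the reply."""
    return [r for r in parse_allow_rules(text) if r[0] in user_domains]


if __name__ == "__main__":
    for src, tgt, cls, perms in user_domain_rules(SAMPLE_POLICY):
        print(f"user-domain rule: allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};")
```

Run against the sample, the two user_t rules are reported and the kdc_t rules pass; pointing the same function at a full .te file is a quick first check before submitting a daemon policy for review.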
