On 06/15/2011 01:45 PM, Sven Vermeulen wrote: > So... ideas? Do we want to "keep it simple" and update the apache policy to > support nginx? Or do we want to stay "least privilege" and have dedicated > rules for applications? >
I'm only slowly coming around to policy development, but from my selinux days, I remember continuously tweaking towards least privilege. We could start with a clone of the apache policies and start tweaking those. Possibly submit upstream as long as we conform to their development guidelines. I have some concern that lumping apache and nginx together may cause tension between the needs of both packages. But seeing as I never used nginx, my concern may be unfounded. Also, we don't have policies exclusively for lighttpd. Do you know how that fits in? -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : [email protected] GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 GnuPG ID : D0455535
