On Thu, 2006-03-30 at 15:31 -0500, Daniel J Walsh wrote:
Next, the delivered targeted policy doesn't constrain postfix (it seems to reference postfix, but then aliases it to unconfined). Again, the Guide suggests I could write new policy specifically for something like postfix, in essence extending the targeted policy. Interestingly, I see that the Gentoo project has a whole bunch of SELinux policies available, including one for postfix. A side question I have is: does it make sense to adapt/use the policies available in the Gentoo project to extend the targeted policy for new processes, or is that a bad idea?
Adapting policies from Gentoo to RHEL4 is unlikely to be fruitful due to divergence between their base policies, but there is already a postfix policy in the upstream example and/or reference policy, and that is included in Fedora Core 4 and later, I believe. So you can use the postfix policy from Fedora instead, with some modification.