F2B is a very important part of my security defences and I am very
grateful to it and the developers who work on it.
However, as we know, security needs to be multi-layered, and one of the
other defences I use on my Fedora 11 server is Selinux. Unfortunately
F2B seems to create several selinux AVCs in its daily running and in
peripheral operations such as logrotation. In order for it to work with
selinux in "enforcing" mode I need to have several custom selinux
policies. According to the people on the selinux list F2B has many
"leaked file descriptors" (whatever they are).
I am no expert in selinux (nor in F2B!) but I would like to request that
someone with more knowledge than me can work with the selinux people in
making F2B "clean" for use with selinux.
Can anyone help?
Thanks in advance
-----BEGIN PGP SIGNED MESSAGE-----
Arthur Dent wrote:
> policies. According to the people on the selinux list F2B has many
> "leaked file descriptors" (whatever they are).
I think the obvious first step would be to ask them to provide all the information they have
regarding f2b, selinux and 'leaked file descriptors', as they obviously have an advantage. Feel free
to act as liason, and make sure you take a towel with you (internal joke!) :)
I'll be available for that. I probably might need to subscribe to the selinux mailing list.
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - OWASP - SANS - OISSG
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----