[freeswitch-sec] FreeSWITCH selinux policy sponsorship
R P Herrold
herrold at owlriver.com
Thu Sep 19 22:10:06 MSD 2013
On Mon, 9 Sep 2013, Brian West wrote:
> I personally do not have any experience in this area,
> Maybe someone on the Dev/Users list would be interested in
> this topic?
> On Sep 9, 2013, at 10:10 AM, Kristian Kielhofner <kris at kriskinc.com> wrote:
>> My company would like to sponsor the development of a proper selinux
>> policy for FreeSWITCH. How should we get this going?
been travelling -- sorry for the delay in reply
Hi, Kristian
Writing SElinux rules that are durable is tied to getting
repeatable packaging together (so that the binaries are
predictably in the same places), and talking across the same
network ports, etc. As FreeSwitch is somewhat a moving
target, and not 'packaged' in a 'major' distribution's main
line -- really, RHEL, CentOS or Fedora here -- a set of rules
need to be crafted and maintained locally
Are you using a packaging such as that from sipXecs / eZuce?
If so, I can probably guide you through the ruleset
generation. In which FS ML shall we do this? Cross-posting
to three is probably rather rude
... fwiw, I've posted pretty sharply to the negative about
pelple NOT using SELinux with FreeSwitch [1] in the past
-- Russ herrold
[1] http://orcorc.blogspot.com/2010/12/ripping-out-safeties.html
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the freeswitch-sec
mailing list