User: Password:
|
|
Subscribe / Log in / New account

Fedora and CAPP

Fedora and CAPP

Posted Dec 11, 2008 18:08 UTC (Thu) by SEJeff (subscriber, #51588)
Parent article: Fedora and CAPP

If someone really care's about having CAPP-like security and is too cheap to shell out for RHEL perhaps that person should look into CentOS? This seems like an unreasonable level of paranoia to shove into a desktop distribution such as Fedora.


(Log in to post comments)

Fedora and CAPP

Posted Dec 11, 2008 20:15 UTC (Thu) by jspaleta (subscriber, #50639) [Link]

I think CAPP is definitely is an ill fitting for typical home users desktop or laptop applications. Is it for corporate? I don't know.

I feel this is the sort of thing that needs to be done modularly.
LSB compliance is provided modularly, we don't require default desktop installation to be LSB compliant. But a Fedora install can be made compliant via the installation of a package.

The interesting question isn't whether CAPP is valuable or not. The value of CAPP compliance, just like LSB compliance is not an intrinsic quality. The value of these things are situational, and are based on the policy needs you find yourself working in. Either it will matter to you or it will not.

The interesting question is, if its valuable to some subset of users and contributors, can it be implemented in a modular way. If Fedora CAPP compliance, even option compliance, helps get a linux development system into the door by lowering the red tape for a sysadmin...it has enough value to be worthwhile to be a Fedora 'feature'. It's just a question of how to implement that compliance so that it can co-exist with other Fedora usage scenarios.

-jef

Fedora and CAPP

Posted Dec 15, 2008 23:30 UTC (Mon) by Tet (subscriber, #5433) [Link]

I feel this is the sort of thing that needs to be done modularly. LSB compliance is provided modularly, we don't require default desktop installation to be LSB compliant. But a Fedora install can be made compliant via the installation of a package.

Agreed 100%. So why not implement the ban on running these apps with SELinux rather than with permissions? Any LSPP/CAPP compliant machine will be running SELinux anyway, and that way, there could be an selinux-policy-capp package for those that need it, and those that don't can do without.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds