Message-ID: <8776cbb2687a09ed5b4e5b3cf0c50ade6c018fa6.camel@btinternet.com>
Subject: Re: [RFC PATCH 1/1] selinux-notebook: Add new section for Embedded Systems
From: Richard Haines
To: Dominick Grift
Cc: selinux@vger.kernel.org, selinux-refpolicy@vger.kernel.org
Date: Wed, 20 Jan 2021 11:55:02 +0000

On Tue, 2021-01-19 at 14:18 +0100, Dominick Grift wrote:
> Richard Haines writes:
>
> > Add a new section and supporting examples for embedded systems.
>
> Nice initiative, thanks. Looks pretty solid for a first iteration.
>
> I wrote a document for OpenWrt here [1]. Basically the instructions
> needed to assemble OpenWrt from modules applicable to a particular
> system, but also how to build on top of it, or how to just fork it so
> that you can use it as a base for your own policy.
>
> [1] https://github.com/doverride/openwrt-selinux-policy/blob/master/README.md
>
> I am currently pretty happy with the results so far (it's a work in
> progress, and there are known loose ends)
>
> One of the differences compared with Android is that SELinux is not
> tightly integrated in OpenWrt, and so most of the tough aspects are
> addressed in policy rather than adding selinux-awareness all over.
> SELinux in OpenWrt is therefore fairly self-contained and, considering
> the challenges, fairly robust.
>

Thanks, I've worked these comments into the next version.