Hi,

After talking to Stephen (spb) for some time, mainly about the SELinux support for workstations/desktops, I've decided to take some work on this, mainly to achieve the level of usability that it might require when talking in terms of a strict policy, that is, *our* (doesn't it sound good? ;) ) base policy.

Some problems I've experienced so far, soem common between my work within Ubuntu Hardened and also now as a candidate for Gentoo developership who wants to help with Hardened Gentoo and Gentoo security work (among anything that might be required):

 - D-BUS policy files missing: problems with D-BUS:

dunruin policy-1.22 # /etc/init.d/dbus restart
Authenticating lorenzo.
Password:
 * Starting D-BUS system messagebus ...
Failed to start message bus: Failed to open "/etc/security/contexts/dbus_contexts": No such file or directory                                          [ !! ]

(Will file a bug report regarding this one later)

contexts files should be kept on /etc/security/selinux/contexts/, instead of /etc/security.

 * User handling: we must try to make it more usable, or at least take a look at gdm when you log in with an user which is not defined in /etc/security/selinux/src/policy/users, and then decide if that's what we want for a forthcoming user base.

 * SELinux support in genkernel (--lsm, --selinux), I'll work on it.

BTW, also on --grsecurity, --grsecurity-low, --grsecurity-medium, etc, --pax...
I've discovered that great and useful piece of software, my fault ;)

More coming after this week, I'll keep testing and working on my fresh Gentoo laptop with the SELInux 2005.0 profile (BTW, udev transition might need to be worked out in order to avoid all the painful process of checking for each missing device node).

Cheers, thanks in advance.
Lorenzo.