Date: Wed, 2 Feb 2011 20:59:41 -0600
From: William Pitcock
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] grsecurity RBAC for Alpine 2.2
Message-ID: <20110202205941.4c8ce4ff@petrie>

hi,

i've been working on setting up RBAC integration for alpine 2.2, which we can then enable by default in e.g. setup-alpine.

the plan is to have as /etc/grsec/policy:

    include_dir /etc/grsec/policy.d

which allows packages to ship grsec policy files in /etc/grsec/policy.d, e.g. /etc/grsec/policy.d/openssh and /etc/grsec/policy.d/busybox containing RBAC policy considerations for those packages.

this will make alpine even more locked down as UID=0 becomes basically meaningless if the RBAC system is enabled. in combination with our other security measures, this should be an entirely overkill solution for everybody's needs.

in setup-alpine we will do the following:

- prompt if the user wants to enable role-based access control
- if the user says yes, we will create a default admin role and prompt for a password and enable the grsec-rbac initscript at boottime.
- if the user says no, then we do nothing...

considerations:

- should we only allow RBAC on server and embedded targets for 2.2? (e.g. not on desktop installs; this means setup-desktop disables the grsec-rbac initscript for 2.2)

i'm presently working on the initscript and gradm integration, then i'll put gradm in main. once i have gradm in main, i'll commit package updates adding policy bits to the core packages (openssh, udev, busybox, so on.)

- nenolod
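
The include_dir layout described in the message above, as an added example that is not part of the original post or of Alpine's or gradm's code: a shell audit that lists the fragments a policy file pulls in and flags any that are group- or world-writable. The function names, the ROOT prefix argument and the sample tree are assumptions made for illustration, and the directive syntax is taken exactly as written in the message.

```shell
#!/bin/sh
# Added example, not Alpine's or gradm's code. Assumption: the directive is
# written exactly as quoted in the message ("include_dir <directory>").

# policy_fragments POLICY_FILE [ROOT]
# Prints "ok <path>", "LOOSE <path>" or "MISSING <dir>" per included item.
# ROOT is an optional prefix so a mounted image or test tree can be audited.
policy_fragments() {
    policy=$1
    root=${2:-}
    # Extract the directory from each include_dir line; comments are skipped.
    sed -n 's/^[[:space:]]*include_dir[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*/\1/p' "$policy" |
    while IFS= read -r dir; do
        [ -d "$root$dir" ] || { echo "MISSING $dir"; continue; }
        # Globs expand in sorted order, so the listing is stable.
        for f in "$root$dir"/*; do
            [ -f "$f" ] || continue
            rel=${f#"$root"}
            mode=$(stat -c %a "$f")   # octal mode, e.g. 644
            # A group- or world-writable fragment lets a non-root account
            # change part of the RBAC policy before it is loaded.
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "LOOSE $rel"
            else
                echo "ok $rel"
            fi
        done
    done
}

# count_loose POLICY_FILE [ROOT]: number of loosely permissioned fragments.
count_loose() {
    policy_fragments "$@" | grep -c '^LOOSE ' || true
}

# make_sample_tree: builds a constructed test tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/grsec/policy.d"
    printf 'include_dir /etc/grsec/policy.d\n' > "$t/etc/grsec/policy"
    echo '# constructed placeholder' > "$t/etc/grsec/policy.d/openssh"
    echo '# constructed placeholder' > "$t/etc/grsec/policy.d/busybox"
    chmod 644 "$t/etc/grsec/policy.d/openssh"
    chmod 666 "$t/etc/grsec/policy.d/busybox"
    echo "$t"
}
```

Run `policy_fragments /etc/grsec/policy` on an installed system, or pass a second argument to audit an unpacked image; `stat -c` is the GNU and busybox form.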