On Tue, 2005-10-11 at 21:05 +0100, Mike Hearn wrote:
> Hi,
>
> Can we have an update on this please - last I heard it was targeted for
> FC5. Is this still on the cards? If so, are there any docs on how to use
> it? I'm waiting for this feature so I can integrate autopackage with
> SELinux (for instance by preventing packages loading kernel modules and
> other risky things whilst still letting them run as root).

The module support is already in rawhide (as part of the existing
SELinux packages plus the introduction of libsemanage) but getting it
properly integrated and used there is still work in progress (but still
expected for FC5, I believe, barring any unexpected obstacles).
Documentation is woefully lacking presently, but there is a
README.MODULES in selinux-doc and some information over at
http://sepolicy-server.sourceforge.net/index.php?page=module-language

However, by itself, the module support doesn't solve the problem of
confining packages/package managers. It just allows policy modules to
be built and shipped separately from the base distro policy, with proper
dependency checking when they are installed. For access control over
the policy itself, you further need the policy server, which is also
work in progress but I don't think targeted for FC5.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list