Hi.

I am glad to announce that SELinux Policy Editor 2.0 (seedit 2.0) has been released.
seedit is a tool to make SELinux easy.
We have renewed the tool. Almost everything has been changed. A policy generator, a new GUI, and many other things have been developed.
You can download and try it from http://seedit.sourceforge.net
Manuals are also provided.
It supports Fedora Core 5 and CentOS 4.

If you have questions, please feel free to contact me.

Here is a brief introduction of seedit 2.0:

1. About SELinux Policy Editor

SELinux Policy Editor (seedit) is a tool to make SELinux easy. It was originally developed by Hitachi Software, and is now developed in the SELinux Policy Editor Project (http://seedit.sourceforge.net).

seedit is composed of Simplified Policy and tools such as a GUI and a policy generator. The most important is Simplified Policy. Simplified Policy is a policy described in the Simplified Policy Description Language (SPDL). SPDL hides the details of SELinux configuration through name-based configuration and by reducing the number of permissions. The following is an example policy for Apache in SPDL.

    domain httpd_t;
    include daemon.sp;
    program /usr/sbin/httpd;
    allow /var/www/** r,s;
    allownet -protocol tcp -port 80 server.
    ...

As you can see, types are not used. You can use file names and port numbers in the configuration. SPDL is converted into SELinux policy by the SPDL compiler.

2. New features in 2.0

In this release, we have renewed our tool. We improved usability and security.

2.1 Improvement in usability

About usability, we learned a lot from AppArmor. We investigated AppArmor and took its good points. We have to thank them :-)

* New GUI
  We have developed a new GUI, "seedit Control Panel". It works on the X Window System and is implemented in Python and PyGTK. You can see screenshots at http://sourceforge.net/project/screenshots.php?group_id=135756 . You can do almost everything about SELinux from the control panel. Features of the control panel are the following:
  - Policy Generator
    Reads the audit log and generates Simplified Policy.
  - Policy Template tool
    Users can generate policy templates for applications by answering some questions.
  - Editor
    An editor for SPDL; you can insert configuration through the GUI.
  - Status checker
    It is like AppArmor's unconfined command. You can check network processes' domains. You can see which domains are assigned the unconfined domain.

* Syntax of SPDL
  We have taken some of AppArmor's profile syntax into SPDL.

* RBAC (Role-Based Access Control) support
  You can switch RBAC support on/off easily with one command. See the RBAC guide.

2.2 Improvement of security

SPDL reduces the number of permissions by integrating SELinux's permissions, but this affects security. We have re-designed the permission integration of SPDL as a research project at The George Washington University. For details of SPDL, see the document "Specification of Simplified Policy Description Language (SPDL)". More documents about security are in progress.

3. Feedback

If you have questions or want to say something to us, please e-mail me (himainu-ynakam@xxxxxxxxx), or subscribe to seedit-devel-list at http://sourceforge.net/mail/?group_id=135756

---
Yuichi Nakamura
The George Washington University, Hitachi Software
SELinux Policy Editor: http://seedit.sourceforge.net/