-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/30/2011 02:10 PM, Miroslav Grepl wrote: > On 06/29/2011 07:48 PM, Dominick Grift wrote: >> >> On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote: >>> Regards to all the list >>> Where I can find the new features introduced in Fedora 15 and 16 on the >>> SElinux base policy? >>> - Bugs fixes >>> - Support of new applications >>> - New applications to make the System Administrator's work more easy >>> >>> I need this information because I'm preparing a talk about "Advanced >>> PostgreSQL Data Protection with SELinux", so >>> I want in that moment to comment these new features. >>> >>> Any advices is welcome. >>> Thanks a lot for your time >>> >> I usually find out whats new in various ways: >> >> 1. See the policy git repository for new commits ( bugfixes and support >> for new applications) >> >> http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary >> >> 2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs >> for the "user land" related changed. >> >> 3. See the nsa.gov selinux maillist archives for SELinux changes in the >> kernel. >> >> 4. Keep an eye on dwalsh' livejournal blog. He will often touch on new >> interesting features. >> >> 5. Keep an eye on the tresys.com refpolicy maillist archives for changes >> to policy upstream >> >> Some of the things that recently added that i can come up with is: >> >> moving /selinux to /sys/fs/selinux >> read policy from /sys/fs/selinux/policy >> named file transitions > https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition >> audit_access capability permission >> various new policy module >> semanage --equiv option >> >> and everything else i forgot... >> >> >> >> >> -- >> selinux mailing list >> selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux You can also get a list of permissive domains for each release which gives you a good idea of the new confined domains being developed for that release. F16 shows abrt_retrace_coredump_t abrt_retrace_worker_exec_t callweaver_t dspam_t fail2ban_client_t gnomeclock_systemctl_t lldpad_t mscan_t puppetca_t pyicqt_t rhev_agentd_t sanlock_t telepathy_logger_t traffic_cop_t traffic_manager_t traffic_server_t wdmd_t zarafa_indexer_t F15 Shows gnomeclock_systemctl_t telepathy_gabble_t telepathy_sofiasip_t mock_t keyboardd_t telepathy_idle_t telepathy_mission_control_t matahari_serviced_t telepathy_salut_t zarafa_indexer_t firewalld_t telepathy_sunshine_t colord_t telepathy_stream_engine_t systemd_notify_t systemd_passwd_agent_t mozilla_plugin_t matahari_hostd_t matahari_netd_t passenger_t systemd_tmpfiles_t foghorn_t telepathy_msn_t namespace_init_t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk4MoSMACgkQrlYvE4MpobMgGACfQ15FFGLSrXROEqXjCz3fFk7u 3/4AoNViLWCkcJ55Lq5ajAa7pa3VEWiG =Kf8L -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
