Teak Billard wrote:
Hi:
Will the refpolicy be available alongside targeted and strict?
refpolicy refers to the source and the method of policy, not the type.
So currently we are using reference policy to build both targeted and
mls. Strict will be coming as soon as we get all the policy packages
ported over.
We are now using one source package selinux-policy to build the noarch
packages selinux-policy-targeted, selinux-policy-mls and eventually
selinux-policy-strict. So you will see the selinux-policy-*.src.rpm
files dissappearing. We also no longer ship the selinux-policy-*-source
packages. You will need to install the .src.rpm in order to work with
the sources. You can now build your own policy customizations using
loadable modules without requiring the sources. So you can build and
install a local.te file. Audit2allow has the ability to create a proper
syntaxed loadable module. Please make sure you study its output before
installing.
And will refpolicy find itself in RHEL eventually?
Yes RHEL5
I've been keeping tabs on this technology for a while and to me it
seems to be one of the biggest improvements to OS security. Could
you give me an example where refpolicy outshines the other two main
policies?
Loadable modules, is the key reason for going to reference policy.
There also has been a cleanup and review of the policy.
Thanks,
Teak
*/Rahul Sundaram <sundaram@xxxxxxxxxx>/* wrote:
Teak Billard wrote:
> Hello:
>
> Have there been chanegs to the libraries that SELinux uses? I
saw in
> one of the last rawhide reports that 3 of the main libraries/policy
> stuff had been removed. Is there new functionality to SELinux? How
> is it coming along in FC5? Thanks,
SELinux in Fedora Core 5 is switching to the referenc! e policy
(http://serefpolicy.sourceforge.net/). The development tree before
the
test1 attempted to use it but there was some hiccups and it was
pulled
back. Now that the test release is out it is seeping in again. There
will be additional functionality like MCS and MLS policies among
several
other changes.More details on the proposed plans is available from
http://fedoraproject.org/wiki/FC5Future.
Feedback on how well its coming along is welcome.
regards
Rahul
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
------------------------------------------------------------------------
Yahoo! DSL
<http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=37474/*http://promo.yahoo.com/broadband/%20>
Something to write home about. Just $16.99/mo. or less
--
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list