ANN/RFC: SELinux Reference Policy 3 pre-alpha

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SELinux Reference Policy 3 is a rewrite using the Cascade policy language. This new language allows a shift in the approach of the policy. With the new ability to delete rules as a feature of the language, the approach in refpolicy3 is to a slightly coarser granularity than in v2, aimed at making common case usage the main focus. This includes a focus on creating higher level abstractions while keeping low level functions for cases where tight least privilege access is required.

https://github.com/pebenito/refpolicy3

**Refpolicy 2 will continue to be maintained as normal.**

This is pre-alpha quality. It is using the Cascade language which is also in development. As such, syntax, structure, and API may change at any time. This is developing in advance of the compiler development, so you should not expect it to compile at this time.

This is also an RFC. Please review and comment on structure, style, etc. Now is the time, as the design is not set. We implemented the majority of kernel and system layers of refpolicy and are eager to hear your feedback while the policy is still in its early stages so broad changes are easier.

Please send any discussion to the refpolicy mail list. If you would like to contribute, pull requests on GitHub are strongly preferred, but patches on the refpolicy mail list are also accepted.

For more information on the Cascade policy language see:

https://github.com/dburgener/cascade


--
Chris PeBenito



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux