On Tuesday 08 January 2008 2:01:37 pm Stephen Smalley wrote: > On Tue, 2008-01-08 at 12:05 -0500, Paul Moore wrote: > > On Thursday 06 December 2007 4:38:52 pm tmiller@xxxxxxxxxx wrote: > > > Updated policycap patch set based on recent discussion. The > > > consensus seems to be to only allow policycaps in the base > > > module. This is now enforced by the checkpolicy/checkmodule > > > parser. > > > > I haven't heard much about this patch lately - what is the current > > status? I know Stephen had some minor comments but other than that > > I didn't see any objections ... > > It was merged. checkpolicy 2.0.7 and libsepol 2.0.18. > But you now need a base module re-built with the capabilities > defined. So we need to get a policy patch that does that if/when we > are ready to turn on the new networking controls for real. Great, thanks for the update. -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
