On Tue, 2008-01-08 at 12:05 -0500, Paul Moore wrote: > On Thursday 06 December 2007 4:38:52 pm tmiller@xxxxxxxxxx wrote: > > Updated policycap patch set based on recent discussion. The > > consensus seems to be to only allow policycaps in the base module. > > This is now enforced by the checkpolicy/checkmodule parser. > > I haven't heard much about this patch lately - what is the current > status? I know Stephen had some minor comments but other than that I > didn't see any objections ... It was merged. checkpolicy 2.0.7 and libsepol 2.0.18. But you now need a base module re-built with the capabilities defined. So we need to get a policy patch that does that if/when we are ready to turn on the new networking controls for real. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
