James Carter wrote: > I am looking at improving the policy infrastructure. The ultimate goal > is to make SELinux policy writing, policy customization, policy > management, and administration easier and less confusing. My focus will > be on the userspace parts of SELinux. > > My plan to do this is as follows: > (1) Determine and enumerate the existing problems of the current > infrastructure. > (2) Determine the desired capabilities and architecture of the ideal > infrastructure. > (3) Determine the changes needed to the current architecture to fix the > current problems and to provide the desired capabilities. > (4) Make the policy infrastructure as close to the ideal as possible > while providing some kind of backwards compatibility and taking other > practicalities into consideration. > > I have had some informal discussions with others internally and at > Tresys, and the five emails to follow have my summary of the problems > that have been identified in those discussions. > > My hope is that there will be a good discussion and that others on the > list will identify other problems and provide more details or examples > to the problems already identified. > I will throw my traditional comment on the pile as I didn't see that you had it on your list anywhere. The policy required to describe a system is too large. Thank you. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
