OpenOffice.org 1.9.100

Stephen Smalley sds at tycho.nsa.gov
Fri May 13 11:24:17 UTC 2005


On Fri, 2005-05-13 at 12:05 +0200, Aurelien Bompard wrote:
> OK, so there is nothing the upstream maintainers can/have to do.

Not entirely.  They can eliminate the need for text relocations on their
shared objects, thereby avoiding the need to mark their shared objects
with texrel_shlib_t in the policy and reducing the resulting security
risk.

> How should third party vendors package their RPMs to make sure they work
> with SELinux, then? Can we exclude /opt from the audits?

Ultimately, they will be able to ship a "binary policy module" for their
package that includes an explicit set of dependency requirements on what
the base policy must provide.  Binary policy module support was
developed by Tresys Technology (www.tresys.com/selinux) and is planned
to be upstreamed in June, for eventual inclusion in FC5/devel.

-- 
Stephen Smalley
National Security Agency



