[ANN] Madison policy generation tools

Rahul Sundaram sundaram at fedoraproject.org
Wed Dec 27 09:05:28 UTC 2006


Karl MacMillan wrote:
> The first public release of the Madison SELinux policy generation tools 
> can be found at http://et.redhat.com/madison/. Madison is a new project 
> to create command line and GUI policy generation tools that:
> 
>   * Create more readable and secure policy by leveraging the reference
>     policy development environment.
>   * Provide administrators with guidance and information to help them
>     make good security decisions.
> 
> This release focuses on the creation of a foundation library (in 
> python). It only includes a single tool - audit2policy - that is a drop 
> in replacement for audit2allow with better reference policy interface 
> call generation (using the undocumented -R audit2allow flag).
> 
> Contributions are very welcome. I'm looking for help with:
> 
>   * Testing (particularly interface call generation and module
>     generation)
>   * Documentation
>   * Unit test creation
>   * Code / tool development
> 
> See the website for more details on contributing.
> 
> To the authors of other policy generation tools: I would like to avoid 
> duplication of effort where possible. The current release focuses on 
> areas that other tools have not explored thoroughly. Moving forward I 
> would like to discuss how we can best work together.
> 
> Please send any feedback to the selinux development list.

  I don't want to subscribe to yet another list so I will send in my 
comments here. I have put in an announcement in fedoraproject.org. A few 
questions.

* I installed the FC6 version. audit2policy is the only tool in this 
package as of now. Do you plan to include it within an existing package 
or introduce a new one? Do you plan to replace audit2allow with this? 
What are the specific differences between them?

* What is the plan for the GUI application? Is this connected to 
system-config-selinux or semanage?

* There is absolutely no documentation on the madison package and 
running audit2policy on its own doesn't return the prompt (that probably 
should return some basic help and we need a man page). I can help with 
writing documentation if someone can explain the details to me.

Rahul




