[ANN] Madison policy generation tools
Rahul Sundaram
sundaram at fedoraproject.org
Wed Dec 27 09:05:28 UTC 2006
Karl MacMillan wrote:
> The first public release of the Madison SELinux policy generation tools
> can be found at http://et.redhat.com/madison/. Madison is a new project
> to create command line and GUI policy generation tools that:
>
> * Create more readable and secure policy by leveraging the reference
> policy development environment.
> * Provide administrators with guidance and information to help them
> make good security decisions.
>
> This release focuses on the creation of a foundation library (in
> python). It only includes a single tool - audit2policy - that is a drop
> in replacement for audit2allow with better reference policy interface
> call generation (using the undocumented -R audit2allow flag).
>
> Contributions are very welcome. I'm looking for help with:
>
> * Testing (particularly interface call generation and module
> generation)
> * Documenation
> * Unit test creation
> * Code / tool development
>
> See the website for more details on contributing.
>
> To the authors of other policy generation tools: I would like to avoid
> duplication of effort where possible. The current release focuses on
> areas that other tools have not explored thoroughly. Moving forward I
> would to discuss how we can best work together.
>
> Please send any feedback to the selinux development list.
I dont want to subscribe to yet another list so I will send in my
comments here. I have put in a announcement in fedoraproject.org. A few
questions.
* I installed the FC6 version. audit2policy is the only tool in this
package as of now. Do you plan to include it within a existing package
or introduce a new one? Do you plan to replace audit2allow with this?
What are the specific differences between them?
* What is the plan for the GUI application? Is this connected to
system-config-selinux or semanage?
* There is absolutely no documentation on the madison package and
running audit2policy on its own doesnt return the prompt (that probably
should return some basic help and we need a man page). I can help with
writing documentation if someone can explain the details to me.
Rahul
More information about the fedora-selinux-list
mailing list