[ANN] SELinux Policy Editor 2.0(seedit 2.0)
Stephen Smalley
sds at tycho.nsa.gov
Mon Jul 10 21:03:29 UTC 2006
On Thu, 2006-07-06 at 15:29 -0400, Yuichi Nakamura wrote:
> Hi.
>
> I am glad to announce that SELinux Policy Editor 2.0(seedit 2.0) has been released.
> seedit is a tool to make SELinux easy.
> We have renewed the tool. Almost everything have been changed.
> Policy generator, new GUI are developed, and many others.
> You can download and try it from
> http://seedit.sourceforge.net
> Manuals are also provided.
> It supports Fedora Core 5 and Cent OS 4.
>
> If you have question, please feel free to contact me.
What are your plans for modular policy support? In the absence of it,
using your tool/policy on FC5 will disable the ability to use policy
modules and semanage on FC5, which would be a regression for users and
may break some packages that are beginning to leverage the semodule and
semanage functionality.
> allownet -protocol tcp -port 80 server.
Be aware that the old network controls are being superseded by the new
secmark functionalty, so you will need to rework your tool to generate
the new allow...:packet { send recv} rules and to generate iptables
rules for marking the packets appropriately for 2.6.18 and later, unless
you enable compatibility mode for the old checks.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list