ANN: Fedora Core 5 SELinux FAQ

Stephen Smalley sds at tycho.nsa.gov
Wed Mar 29 18:03:24 UTC 2006


On Wed, 2006-03-29 at 12:53 -0500, Stephen Smalley wrote:
> > Q: What is the Reference Policy?
> > 
> >   [I found I am really confused by this answer.. if my muddled brain
> > is getting this correct.. the Reference Policy is the base policy that
> > the Fedora Core 5 targeted, strict, mls policies are based off of the
> > Reference Policy.. or are there 2 sets of policies shipped with Fedora
> > Core 5 some of which are based off of the old set and the others by
> > the new set.]
> 
> Reference policy is the new source policy tree from which all policy
> types (-strict, -targeted, -mls) are being built.  Previously, they were
> being built from the NSA example policy source tree.

I'm guessing that you were confused by this statement from the FAQ:
"Fedora policies at version 1.x are based on the traditional example
policy. Version 2.x policies (as used in Fedora Core 5) are based on the
Reference Policy."

This doesn't mean that there are two branches of policy (1.x and 2.x)
being carried in FC5; FC5 only has version 2.x.y policies based on
refpolicy.  The above statement from the FAQ just means that when the
developers switched from using example policy to reference policy as
their source base during development of FC5, they changed the package
version from being a 1.x series to being a 2.x series to signify that a
major change had occurred.  So when you see a policy package that has a
1.x version, you know you are dealing with a policy built from example
policy (as in FC4, RHEL4, FC3), and when you see a 2.x version, you know
you are dealing with a policy built from refpolicy (as in FC5 and
everything going forward).

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list