SWLinux Documentation (was Re: Expectation Management for Test Releases)

Geoffrey Leach geoff at cdepot.net
Wed Apr 21 19:17:30 UTC 2004 

On 04.20 20:28, Jeremy Katz wrote:
> On Tue, 2004-04-20 at 18:01, Gene C. wrote:
> > So, my question:  For FC2 final (and really Test3 also), should those of us 
> > interested in selinux and willing to put up with some problem continue to 
> > install it enabled?  If policy is going to be redesigned, is this worth the 
> > effort.  Naturally, any bugs found in FC2T3 would be reported but I am not 
> > sure anyone will have time to address them.  Furthermore, if the plan is to 
> > redesign things post FC2 (planned for FC3 I assume), little attention will be 
> > given to bugs in this old mechanism.
> 
> Yes, we very much strongly encourage those who are very interested in
> SELinux and comfortable enough to work with it to continue installing
> with it enabled and in enforcing mode as well as continue to help us
> work out the problems as they're discovered.  That's why we're leaving
> the possibility of enabling it there.  
> 
> It's just that it's not ready for the masses to consume yet, and in
> doing so, we'd just end up with a Fedora Core release that was less
> stable and with many apparent bugs due to SELinux.  We'll probably go
> through this again with FC3 where I plan to return things to enforcing
> by default in the development tree very soon after the release of FC2.
> 
> As far as redesign of policy, there's discussion around developing a
> less strict policy, ie, one that allows users in general to do things
> but takes the approach of locking down specific services.  But the hope
> is to do this in such a way that you can trivially switch back and forth
> between the policies with a simple toggle and thus any testing on the
> stricter policy we have now will still be quite useful.  Think of it
> along the lines of the old Medium vs High firewall distinction.

I'm happy to see that mass confusion will be avoided!  I did make a somewhat determined effort to locate a moderately technical article on the implementation of SELinux in FC2T2 and was unsuccessful.  Following a link from the unoffical FAQ got me to a several-years-old article, but that was unhelpful.  Has anyone written an article that describes the implementation in FC2T2?  Something that says, in effect, here is SELinux, here's what it does, how you interact with it, how the policies work, how they are modified, ...??

Geoffrey

More information about the fedora-test-list mailing list