SELinux in FC5

Daniel J Walsh dwalsh at redhat.com
Tue Nov 29 16:19:19 UTC 2005 

Teak Billard wrote:
> Hi:
>
> Will the refpolicy be available alongside targeted and strict? 
refpolicy refers to the source and the method of policy, not the type.  
So currently we are using reference policy to build both targeted and 
mls.  Strict will be coming as soon as we get all the policy packages 
ported over. 
We are now using one source package selinux-policy to build the noarch 
packages selinux-policy-targeted, selinux-policy-mls and eventually 
selinux-policy-strict.  So you will see the selinux-policy-*.src.rpm 
files dissappearing.  We also no longer ship the selinux-policy-*-source 
packages.  You will need to install the .src.rpm in order to work with 
the sources.   You can now build your own policy customizations using 
loadable modules without requiring the sources.  So you can build and 
install a local.te file.  Audit2allow has the ability to create a proper 
syntaxed loadable module.  Please make sure you study its output before 
installing.
> And will refpolicy find itself in RHEL eventually? 
Yes RHEL5
> I've been keeping tabs on this technology for a while and to me it 
> seems to be one of the biggest improvements to OS security.   Could 
> you give me an example where refpolicy outshines  the other two  main 
> policies?
>
Loadable modules, is the key reason for going to reference policy.   
There also has been a cleanup and review of the policy.
> Thanks,
> Teak
>
>
> */Rahul Sundaram <sundaram at redhat.com>/* wrote:
>
>     Teak Billard wrote:
>
>     > Hello:
>     >
>     > Have there been chanegs to the libraries that SELinux uses? I
>     saw in
>     > one of the last rawhide reports that 3 of the main libraries/policy
>     > stuff had been removed. Is there new functionality to SELinux? How
>     > is it coming along in FC5? Thanks,
>
>     SELinux in Fedora Core 5 is switching to the referenc! e policy
>     (http://serefpolicy.sourceforge.net/). The development tree before
>     the
>     test1 attempted to use it but there was some hiccups and it was
>     pulled
>     back. Now that the test release is out it is seeping in again. There
>     will be additional functionality like MCS and MLS policies among
>     several
>     other changes.More details on the proposed plans is available from
>     http://fedoraproject.org/wiki/FC5Future.
>
>     Feedback on how well its coming along is welcome.
>
>     regards
>     Rahul
>
>     -- 
>     fedora-test-list mailing list
>     fedora-test-list at redhat.com
>     To unsubscribe:
>     https://www.redhat.com/mailman/listinfo/fedora-test-list
>
>
> ------------------------------------------------------------------------
> Yahoo! DSL 
> <http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=37474/*http://promo.yahoo.com/broadband/%20> 
> Something to write home about. Just $16.99/mo. or less 


--

More information about the fedora-test-list mailing list