[DSE-Dev] New version of refpolicy headed towards incoming

Manoj Srivastava manoj.srivastava at stdc.com
Sun Feb 10 04:28:21 UTC 2008


Hi,

        With this version of the (surprisingly lintian clean) reference
 policy uploaded, all the SELinux packages, apart from setools, are now
 at the latest released versions (in Sid, that is). I have not yet
 packaged SVN HEAD for these packages, since I'd like to lurk for a bit
 on the selinux mailing lists before I package them.

        I am also toying with the idea of breaking out the reference
 policy packages into smaller chunks; so that we have a base policy
 (which is all that would be in standard); and the rest can be broken out
 into smaller chunks (at one extreme is having a per-package
 granularity, so apache policy would be one package, postfix policy
 another, and one may make use of the Enhances relationship :-)

        The ideal solution would lie somewhere in between one giant
 targeted/strict policy and each module in a separate package.  Figuring
 out which set of modules to carve out into a Debian package is going to
 be an interesting challenge.

        In the meanwhile, I have added a few Debian-specific bug fixes
 to the reference policy; I'll look at SVN head and see if they need to
 be pushed upstream.  In the meanwhile, please do send in AVC denial
 logs for the new policy in bug reports; we need to start cleaning up
 the reference policy now if we are to meet Lenny release deadlines.

        If people have private versions of refpolicy with fixes, I would
 appreciate it if you could diff your policy against the version
 uploaded and send me the diffs.

        manoj
-- 
Check it out, send me comments, and dance joyously in the streets, Linus
Torvalds announcing 2.0.27
Manoj Srivastava <manoj.srivastava at stdc.com> <srivasta at acm.org>        
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


