* ANN: Fedora Core 5 SELinux FAQ
@ 2006-03-29 1:45 Chad Sellers
[not found] ` <80d7e4090603290919j7fbe917ctb8e0fbd1e83a02d8@mail.gmail.com>
0 siblings, 1 reply; 3+ messages in thread
From: Chad Sellers @ 2006-03-29 1:45 UTC (permalink / raw)
To: SELinux, fedora-selinux-list, selinuxdev
The Fedora Core 5 SELinux FAQ is now available at
http://fedora.redhat.com/docs/selinux-faq-fc5. Let me know if you have
any corrections or suggestions. Also, check out the Fedora SELinux wiki
at http://fedoraproject.org/wiki/SELinux, which includes a section for
adding proposed additions to the FAQ.
Thanks,
Chad
--
----------------------
Chad Sellers
Tresys Technology, LLC
csellers@tresys.com
http://www.tresys.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ANN: Fedora Core 5 SELinux FAQ
[not found] ` <80d7e4090603290919j7fbe917ctb8e0fbd1e83a02d8@mail.gmail.com>
@ 2006-03-29 17:53 ` Stephen Smalley
2006-03-29 18:03 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2006-03-29 17:53 UTC (permalink / raw)
To: Stephen J. Smoogen; +Cc: Chad Sellers, fedora-selinux-list, SELinux, selinuxdev
On Wed, 2006-03-29 at 10:19 -0700, Stephen J. Smoogen wrote:
> I am trying to go over the questions in here one by one.. as I need to
> work out what could be done for some systems where I work. I have one
> question so far:
>
> Q: What about the strict policy? Does it even work?
> [From the list at release time.. I thought strict policy was broken
> for Core.]
Yes, -strict in FC5 is broken at the moment, although there is ongoing
work to resolve the issues needed to get it working. The breakage isn't
really anything to do with -strict per se, just fully modularized policy
(breaking down even the base policy into lots of individual modules).
> Q: What is the Reference Policy?
>
> [I found I am really confused by this answer.. if my muddled brain
> is getting this correct.. the Reference Policy is the base policy that
> the Fedora Core 5 targeted, strict, mls policies are based off of the
> Reference Policy.. or are there 2 sets of policies shipped with Fedora
> Core 5 some of which are based off of the old set and the others by
> the new set.]
Reference policy is the new source policy tree from which all policy
types (-strict, -targeted, -mls) are being built. Previously, they were
being built from the NSA example policy source tree.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ANN: Fedora Core 5 SELinux FAQ
2006-03-29 17:53 ` Stephen Smalley
@ 2006-03-29 18:03 ` Stephen Smalley
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2006-03-29 18:03 UTC (permalink / raw)
To: Stephen J. Smoogen; +Cc: Chad Sellers, fedora-selinux-list, SELinux, selinuxdev
On Wed, 2006-03-29 at 12:53 -0500, Stephen Smalley wrote:
> > Q: What is the Reference Policy?
> >
> > [I found I am really confused by this answer.. if my muddled brain
> > is getting this correct.. the Reference Policy is the base policy that
> > the Fedora Core 5 targeted, strict, mls policies are based off of the
> > Reference Policy.. or are there 2 sets of policies shipped with Fedora
> > Core 5 some of which are based off of the old set and the others by
> > the new set.]
>
> Reference policy is the new source policy tree from which all policy
> types (-strict, -targeted, -mls) are being built. Previously, they were
> being built from the NSA example policy source tree.
I'm guessing that you were confused by this statement from the FAQ:
"Fedora policies at version 1.x are based on the traditional example
policy. Version 2.x policies (as used in Fedora Core 5) are based on the
Reference Policy."
This doesn't mean that there are two branches of policy (1.x and 2.x)
being carried in FC5; FC5 only has version 2.x.y policies based on
refpolicy. The above statement from the FAQ just means that when the
developers switched from using example policy to reference policy as
their source base during development of FC5, they changed the package
version from being a 1.x series to being a 2.x series to signify that a
major change had occurred. So when you see a policy package that has a
1.x version, you know you are dealing with a policy built from example
policy (as in FC4, RHEL4, FC3), and when you see a 2.x version, you know
you are dealing with a policy built from refpolicy (as in FC5 and
everything going forward).
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-03-29 18:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-29 1:45 ANN: Fedora Core 5 SELinux FAQ Chad Sellers
[not found] ` <80d7e4090603290919j7fbe917ctb8e0fbd1e83a02d8@mail.gmail.com>
2006-03-29 17:53 ` Stephen Smalley
2006-03-29 18:03 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.