ANN: Updated SELinux core userland release

ANN: Updated SELinux core userland release

[Stephen Smalley]

An updated release of the SELinux core userland code is available from
the NSA web site, see:
http://www.nsa.gov/selinux/news.cfm#R070322

This is the first release to include the new development series along
with the stable series.  The most significant change so far in the
development series is the introduction of the sepolgen python module for
policy generation and the rewrite of audit2allow to use it.  Note that
the sepolgen interfaces are still subject to change.  A number of bug
fixes and code cleanups have also been applied to both the development
and the stable series since the last release.

Papers and presentations by NSA employees from the 2007 SELinux
Symposium last week have been added to the documentation page on the NSA
site; these should also appear on the SELinux Symposium site in the
future along with the other talks.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

ANN: Updated SELinux core userland release

[Stephen Smalley]

An updated release of the SELinux core userland code is available from
the NSA web site, see:
http://www.nsa.gov/selinux/news.cfm#R070925

Updated versions of the stable and development (trunk) series can be
downloaded from:
http://www.nsa.gov/selinux/code/

For those who use the sourceforge svn tree, the stable branch and trunk
have been tagged as 20070925 under tags/stable and tags/devel
respectively for this release.

It would be useful to know if anyone is using the stable branch; it was
created for use by users and distributions that want maximal stability
(bug fixes and trivial code cleanups only), e.g. to provide updates to
an existing distribution release like Debian etch or Fedora Core 6 or
RHEL 5 without risking the potentially more disruptive changes from the
trunk/devel series.  However, I  haven't gotten the impression that it
is being actively used.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ANN: Updated SELinux core userland release

[Christopher J. PeBenito]

On Tue, 2007-09-25 at 15:55 -0400, Stephen Smalley wrote:
> An updated release of the SELinux core userland code is available from
> the NSA web site, see:
> http://www.nsa.gov/selinux/news.cfm#R070925
> 
> Updated versions of the stable and development (trunk) series can be
> downloaded from:
> http://www.nsa.gov/selinux/code/
> 
> For those who use the sourceforge svn tree, the stable branch and trunk
> have been tagged as 20070925 under tags/stable and tags/devel
> respectively for this release.
> 
> It would be useful to know if anyone is using the stable branch; it was
> created for use by users and distributions that want maximal stability
> (bug fixes and trivial code cleanups only), e.g. to provide updates to
> an existing distribution release like Debian etch or Fedora Core 6 or
> RHEL 5 without risking the potentially more disruptive changes from the
> trunk/devel series.  However, I  haven't gotten the impression that it
> is being actively used.

Gentoo uses the stable branch, and currently doesn't have plans to use
2.0.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ANN: Updated SELinux core userland release

[Stephen Smalley]

On Wed, 2007-09-26 at 13:03 +0000, Christopher J. PeBenito wrote:
> On Tue, 2007-09-25 at 15:55 -0400, Stephen Smalley wrote:
> > An updated release of the SELinux core userland code is available from
> > the NSA web site, see:
> > http://www.nsa.gov/selinux/news.cfm#R070925
> > 
> > Updated versions of the stable and development (trunk) series can be
> > downloaded from:
> > http://www.nsa.gov/selinux/code/
> > 
> > For those who use the sourceforge svn tree, the stable branch and trunk
> > have been tagged as 20070925 under tags/stable and tags/devel
> > respectively for this release.
> > 
> > It would be useful to know if anyone is using the stable branch; it was
> > created for use by users and distributions that want maximal stability
> > (bug fixes and trivial code cleanups only), e.g. to provide updates to
> > an existing distribution release like Debian etch or Fedora Core 6 or
> > RHEL 5 without risking the potentially more disruptive changes from the
> > trunk/devel series.  However, I  haven't gotten the impression that it
> > is being actively used.
> 
> Gentoo uses the stable branch, and currently doesn't have plans to use
> 2.0.

Ok, maybe you can help give feedback then on what if any features you'd
like to see back ported from the trunk to the stable branch.  Examples
of things that are only presently in the 2.x series include:
- sepolgen and rewrite of audit2allow to use it,
- merge of setfiles and restorecon into a single program,
- merge of genhomedircon script into libsemanage,
- dlopen of libsepol by libselinux to avoid build-time dependency,
- disable dontaudit support in semodule and the libraries,
- improved error reporting in semodule and libsemanage for e.g. disk
full, read-only filesystem, etc.
- object class and permission discovery and mapping support,
- selabel interfaces and rewrite of setfiles to use them,
- per-command pam configs for newrole,
- refactored swig bindings for libselinux

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ANN: Updated SELinux core userland release

[Christopher J. PeBenito]

On Wed, 2007-09-26 at 09:25 -0400, Stephen Smalley wrote:
> On Wed, 2007-09-26 at 13:03 +0000, Christopher J. PeBenito wrote:
> > On Tue, 2007-09-25 at 15:55 -0400, Stephen Smalley wrote:
> > > An updated release of the SELinux core userland code is available from
> > > the NSA web site, see:
> > > http://www.nsa.gov/selinux/news.cfm#R070925
> > > 
> > > Updated versions of the stable and development (trunk) series can be
> > > downloaded from:
> > > http://www.nsa.gov/selinux/code/
> > > 
> > > For those who use the sourceforge svn tree, the stable branch and trunk
> > > have been tagged as 20070925 under tags/stable and tags/devel
> > > respectively for this release.
> > > 
> > > It would be useful to know if anyone is using the stable branch; it was
> > > created for use by users and distributions that want maximal stability
> > > (bug fixes and trivial code cleanups only), e.g. to provide updates to
> > > an existing distribution release like Debian etch or Fedora Core 6 or
> > > RHEL 5 without risking the potentially more disruptive changes from the
> > > trunk/devel series.  However, I  haven't gotten the impression that it
> > > is being actively used.
> > 
> > Gentoo uses the stable branch, and currently doesn't have plans to use
> > 2.0.
> 
> Ok, maybe you can help give feedback then on what if any features you'd
> like to see back ported from the trunk to the stable branch.  Examples
> of things that are only presently in the 2.x series include:

> - disable dontaudit support in semodule and the libraries,

If nothing else, this would be choice.  And/or the unknown perms
handling.

> - refactored swig bindings for libselinux

If this fixes bugs in the current bindings, that'd be good choice too.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ANN: Updated SELinux core userland release

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher J. PeBenito wrote:
> On Wed, 2007-09-26 at 09:25 -0400, Stephen Smalley wrote:
>> On Wed, 2007-09-26 at 13:03 +0000, Christopher J. PeBenito wrote:
>>> On Tue, 2007-09-25 at 15:55 -0400, Stephen Smalley wrote:
>>>> An updated release of the SELinux core userland code is available from
>>>> the NSA web site, see:
>>>> http://www.nsa.gov/selinux/news.cfm#R070925
>>>>
>>>> Updated versions of the stable and development (trunk) series can be
>>>> downloaded from:
>>>> http://www.nsa.gov/selinux/code/
>>>>
>>>> For those who use the sourceforge svn tree, the stable branch and trunk
>>>> have been tagged as 20070925 under tags/stable and tags/devel
>>>> respectively for this release.
>>>>
>>>> It would be useful to know if anyone is using the stable branch; it was
>>>> created for use by users and distributions that want maximal stability
>>>> (bug fixes and trivial code cleanups only), e.g. to provide updates to
>>>> an existing distribution release like Debian etch or Fedora Core 6 or
>>>> RHEL 5 without risking the potentially more disruptive changes from the
>>>> trunk/devel series.  However, I  haven't gotten the impression that it
>>>> is being actively used.
>>> Gentoo uses the stable branch, and currently doesn't have plans to use
>>> 2.0.
>> Ok, maybe you can help give feedback then on what if any features you'd
>> like to see back ported from the trunk to the stable branch.  Examples
>> of things that are only presently in the 2.x series include:
> 
>> - disable dontaudit support in semodule and the libraries,
> 
> If nothing else, this would be choice.  And/or the unknown perms
> handling.
> 
>> - refactored swig bindings for libselinux
> 
> If this fixes bugs in the current bindings, that'd be good choice too.
> 
Red Hat basically freezes the release, and then apply patches only
sparingly to the release.  We do not usually backport major
functionality changes to previous releases.  So change like removal of
genhomedircon are considered to dangerous for RHEL.  (Although semodule
- -DB would be nice.)

Rawhide/F8 are built off trunk.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+nPLrlYvE4MpobMRAgB9AKCFbsh9OxHD7bzMs1QO7zTLx/v0CwCfUm99
P3r3DntvXnkbjBZF6yaGUmo=
=xNIU
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: ANN: Updated SELinux core userland release

[Stephen Smalley]

On Wed, 2007-09-26 at 14:06 +0000, Christopher J. PeBenito wrote:
> On Wed, 2007-09-26 at 09:25 -0400, Stephen Smalley wrote:
> > On Wed, 2007-09-26 at 13:03 +0000, Christopher J. PeBenito wrote:
> > > On Tue, 2007-09-25 at 15:55 -0400, Stephen Smalley wrote:
> > > > An updated release of the SELinux core userland code is available from
> > > > the NSA web site, see:
> > > > http://www.nsa.gov/selinux/news.cfm#R070925
> > > > 
> > > > Updated versions of the stable and development (trunk) series can be
> > > > downloaded from:
> > > > http://www.nsa.gov/selinux/code/
> > > > 
> > > > For those who use the sourceforge svn tree, the stable branch and trunk
> > > > have been tagged as 20070925 under tags/stable and tags/devel
> > > > respectively for this release.
> > > > 
> > > > It would be useful to know if anyone is using the stable branch; it was
> > > > created for use by users and distributions that want maximal stability
> > > > (bug fixes and trivial code cleanups only), e.g. to provide updates to
> > > > an existing distribution release like Debian etch or Fedora Core 6 or
> > > > RHEL 5 without risking the potentially more disruptive changes from the
> > > > trunk/devel series.  However, I  haven't gotten the impression that it
> > > > is being actively used.
> > > 
> > > Gentoo uses the stable branch, and currently doesn't have plans to use
> > > 2.0.
> > 
> > Ok, maybe you can help give feedback then on what if any features you'd
> > like to see back ported from the trunk to the stable branch.  Examples
> > of things that are only presently in the 2.x series include:
> 
> > - disable dontaudit support in semodule and the libraries,
> 
> If nothing else, this would be choice.  And/or the unknown perms
> handling.
> 
> > - refactored swig bindings for libselinux
> 
> If this fixes bugs in the current bindings, that'd be good choice too.

Ok, I've merged these changes and the improved error reporting for
libsemanage/semodule from trunk to stable in svn.  Let me know if you
spot any regressions.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

ANN: Updated SELinux core userland release

[Stephen Smalley]

An updated release of the SELinux core userland is available from the
NSA web site, see:
http://www.nsa.gov/selinux/news.cfm#R080305

Updated versions of the stable and development (trunk) series can be
downloaded from:
http://www.nsa.gov/selinux/code/

For those who use the sourceforge svn tree, the stable branch and trunk
have been tagged as 20080305 under tags/stable and tags/devel
respectively for this release.

A related work page has also been added to the web site to refer to
other applications of the Flask security architecture.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

ANN: Updated SELinux core userland release

[Stephen Smalley]

An updated release of the SELinux core userland is available from the
NSA web site, see:
http://www.nsa.gov/selinux/news.cfm#R080611

Updated versions of the stable and development (trunk) series can be
downloaded from:
http://www.nsa.gov/selinux/code/

For those who use the sourceforge svn tree, the stable branch and trunk
have been tagged as 20080611 under tags/stable and tags/devel
respectively for this release.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.