<h1>Status</h1>
<strong>Current Version: 20051019</strong>
<p>
See <a href="index.php?page=download">download</a> for download
information. Details of this release are part of the <a href="html/Changelog.txt">changelog</a>.
This release focused on updating the policy to bring it in line with
the NSA example policy in SourceForge CVS. Currently both strict and
targeted policies can be built. MLS policies can be built, but the
policy has not been tested on running systems. MCS support has also
been added, but it is still experimental. Loadable modules can
now be built with a compiler that has the require-in-conditionals,
declare-then-require, and stack-overflow patches applied.
</p>
<p> </p>
<h2>Status and Tasks</h2>
<table border="1" cellspacing="0" cellpadding="3">
<tr>
<th class="title" colspan="3">Reference Policy Status</th>
</tr>
<tr>
<td class="header">Task/Component</td><td class="header">Status</td><td class="header">Description</td>
</tr>
<tr>
<td>Policy Structure</td>
<td>Complete</td>
<td>The policy is converted over to the new Reference Policy structure.</td>
</tr>
<tr>
<td>TE Policy</td>
<td>Conversion Ongoing</td>
<td>Conversion of old policy to Reference Policy modules is ongoing.</td>
</tr>
<tr>
<td>Loadable Policy Modules</td>
<td>Major improvements</td>
<td>Infrastructure is in place to support both source policy and
loadable policy modules. Makefile support completed.
Loadable modules can be built with a compiler
that has the require-in-conditionals,
declare-then-require, and stack-overflow patches
applied.</td>
</tr>
<tr>
<td>Documentation Infrastructure</td>
<td>Interfaces, templates, Booleans, and tunables complete</td>
<td>Tools to create webpages from the module interface and
template documentation are complete. Global Booleans and
tunables are supported. Booleans and tunables local to
policies are planned.</td>
</tr>
<tr>
<td>Policy Documentation</td>
<td>Ongoing</td>
<td>Most modules are documented.</td>
</tr>
<tr>
<td>Unused Modules</td>
<td>Complete</td>
<td>Modules can be disabled by using modules.conf.</td>
</tr>
<tr>
<td>MLS Infrastructure</td>
<td>Minor improvements</td>
<td>MLS infrastructure added to support easy conversion between
MLS and non-MLS policy. Policy is compilable, but
untested. Need further investigations to ensure
the levels in the policy are correct.</td>
</tr>
<tr>
<td>MCS Support</td>
<td>Minor improvements</td>
<td>MLS infrastructure has been extended to support MCS
categories in users and all contexts. MCS constraints
have been added. Policy is compilable, but untested.</td>
</tr>
<tr>
<td>Network Infrastructure</td>
<td>Minor improvements</td>
<td>All network ports, nodes, and interfaces moved to
corenetwork module, interfaces generated automatically.
Plan to add more infrastructure for configuration of
ports, nodes, and interfaces.</td>
</tr>
<tr>
<td>User domains and roles</td>
<td>Minor improvements</td>
<td>Some infrastructure added to support per-user domain policy,
e.g., to create types and policy for ssh,
for each user. Plan to add infrastructure to easily
configure userdomains and roles.</td>
</tr>
<tr>
<td>Labeling</td>
<td>Minor improvements</td>
<td>All labeling moved to modules, consistent with Reference
Policy structure. Levels can be added to the labels
without changes to the policy.</td>
</tr>
<tr>
<td>Tunables</td>
<td>Minor improvements</td>
<td>Tunables are documented and included in the webpage policy
documentation.</td>
</tr>
<tr>
<td>Users</td>
<td>Unchanged</td>
<td>Assignment of users to roles.</td>
</tr>
<tr>
<td>Constraints</td>
<td>Unchanged</td>
<td>Plan to split up into relevant modules when loadable modules
support this. There are ordering problems with source
policies.</td>
</tr>
<tr>
<td>Flask</td>
<td>Unchanged</td>
<td>Headers for the policy, describing object classes and
their permissions. No planned changes.</td>
</tr>
<tr>
<td>Genhomedircon</td>
<td>Unchanged</td>
<td>Tool to properly label users' home directories.
No planned changes.</td>
</tr>
</table>
<p> </p>
<h2>Roadmap</h2>
<table cellpadding="3" cellspacing="0" border="1">
<tbody>
<tr>
<th colspan="3" class="title">Reference Policy Roadmap</th>
</tr>
<tr>
<td class="header">Version</td>
<td class="header">Date</td>
<td class="header">Description</td>
</tr>
<tr>
<td>0.1</td>
<td>June 2005</td>
<td>Initial public release, basic policy restructuring, some infrastructure, few modules, and minimal documentation.</td>
</tr>
<tr>
<td>0.2</td>
<td>July 2005</td>
<td>Restructuring complete, additional modules, and improved infrastructure.</td>
</tr>
<tr>
<td>0.3</td>
<td>August 2005</td>
<td>Additional modules, documentation, and base module configuration support.</td>
</tr>
<tr>
<td>0.4</td>
<td>September 2005</td>
<td>Additional modules, documentation, and tested loadable module support.</td>
</tr>
<tr>
<td>0.5</td>
<td>October 2005</td>
<td>Additional modules, documentation, targeted policy, and tested MLS support.</td>
</tr>
<tr>
<td>0.6</td>
<td>December 2005</td>
<td>Additional modules, documentation, and module variations.</td>
</tr>
</tbody>
</table>
<p> </p>
<h2>Policy Conversion</h2>
<p>
This phase of reference policy development involves the conversion of policies
from the example strict policy. Please use the current NSA example policy
in <a href="http://cvs.sourceforge.net/viewcvs.py/selinux/nsa/selinux-usr/policy/">
NSA SourceForge CVS</a>.
We ask that modules in the targeted policy be given first priority,
and that modules in the strict policy but not in the targeted policy be given second priority.
For those who wish to contribute, here is a listing of modules which need to be
converted:
</p>
<table cellpadding="3" cellspacing="0" border="1">
<tbody>
<tr>
<th colspan="3" class="title">Policy Module Status</th>
</tr>
<tr>
<td class="header">Module Name</td>
<td class="header">Previous Policy Files</td>
<td class="header">Assigned To</td>
</tr>
<tr>
<td>amanda *+</td>
<td>amanda.te amanda.fc</td>
<td></td>
</tr>
<tr>
<td>amavis</td>
<td>amavis.te amavis.fc</td>
<td></td>
</tr>
<tr>
<td>asterisk</td>
<td>asterisk.te asterisk.fc</td>
<td></td>
</tr>
<tr>
<td>audio-entropy</td>
<td>audio-entropyd.te audio-entropyd.fc</td>
<td></td>
</tr>
<tr>
<td>authbind</td>
<td>authbind.te authbind.fc</td>
<td></td>
</tr>
<tr>
<td>automount +</td>
<td>automount.te automount.fc</td>
<td></td>
</tr>
<tr>
<td>backup</td>
<td>backup.te backup.fc</td>
<td></td>
</tr>
<tr>
<td>bluetooth *+</td>
<td>bluetooth.te bluetooth.fc</td>
<td></td>
</tr>
<tr>
<td>bonobo +</td>
<td>bonobo.te bonobo.fc bonobo_macros.te</td>
<td></td>
</tr>
<tr>
<td>browser +</td>
<td>mozilla.te mozilla.fc mozilla_macros.te</td>
<td></td>
</tr>
<tr>
<td>calamaris</td>
<td>calabaris.te calamaris.fc</td>
<td></td>
</tr>
<tr>
<td>cdrecord +</td>
<td>cdrecord.te cdrecord.fc cdrecord_macros.te</td>
<td></td>
</tr>
<tr>
<td>certwatch +</td>
<td>certwatch.te certwatch.fc</td>
<td></td>
</tr>
<tr>
<td>cipe</td>
<td>ciped.te ciped.fc</td>
<td></td>
</tr>
<tr>
<td>clamav</td>
<td>clamav.te clamav.fc clamav_macros.te</td>
<td></td>
</tr>
<tr>
<td>courier</td>
<td>courier.te courier.fc</td>
<td></td>
</tr>
<tr>
<td>cyrus *+</td>
<td>cyrus.te cyrus.fc</td>
<td></td>
</tr>
<tr>
<td>daemontools</td>
<td>daemontools.te daemontools.fc daemontools_macros.te</td>
<td>Tresys</td>
</tr>
<tr>
<td>dante</td>
<td>dante.te dante.fc</td>
<td></td>
</tr>
<tr>
<td>dcc</td>
<td>dcc.te dcc.fc</td>
<td></td>
</tr>
<tr>
<td>ddclient</td>
<td>ddclient.te ddclient.fc</td>
<td></td>
</tr>
<tr>
<td>ddcprobe +</td>
<td>ddcprobe.te ddcprobe.fc</td>
<td></td>
</tr>
<tr>
<td>distcc</td>
<td>distcc.te distcc.fc</td>
<td>Tresys</td>
</tr>
<tr>
<td>djbdns</td>
<td>djbdns.te djbdns.fc</td>
<td></td>
</tr>
<tr>
<td>dnsmasq</td>
<td>dnsmasq.te dnsmasq.fc</td>
<td></td>
</tr>
<tr>
<td>dpkg</td>
<td>dpkg.te dpkg.fc</td>
<td></td>
</tr>
<tr>
<td>dovecot *+</td>
<td>dovecot.te dovecot.fc</td>
<td>Tresys</td>
</tr>
<tr>
<td>ethereal +</td>
<td>ethereal.te ethereal.fc ethereal_macros.te</td>
<td></td>
</tr>
<tr>
<td>evolution +</td>
<td>evolution.te evolution.fc evolution_macros.te</td>
<td></td>
</tr>
<tr>
<td>fetchmail +</td>
<td>fetchmail.te fetchmail.fc</td>
<td></td>
</tr>
<tr>
<td>fontconfig +</td>
<td>fontconfig.te fontconfig.fc</td>
<td></td>
</tr>
<tr>
<td>gatekeeper</td>
<td>gatekeeper.te gatekeeper.fc</td>
<td></td>
</tr>
<tr>
<td>gconf +</td>
<td>gconf.te gconf.fc gconf_macros.te</td>
<td></td>
</tr>
<tr>
<td>games +</td>
<td>games.te games.fc games_domain.te</td>
<td></td>
</tr>
<tr>
<td>gift</td>
<td>gift.te gift.fc gift_macros.te</td>
<td></td>
</tr>
<tr>
<td>gnome +</td>
<td>gnome.te gnome.fc gnome_macros.te gnome_vfs.te gnome_vfs.fc gnome_vfs_macros.te gnome-pty-helper.te gnome-pty-helper.fc gph_macros.te</td>
<td></td>
</tr>
<tr>
<td>iceauth +</td>
<td>iceauth.te iceauth.fc iceauth_macros ice_macros.te(?)</td>
<td></td>
</tr>
<tr>
<td>imazesrv</td>
<td>imazesrv.te imazesrv.fc</td>
<td></td>
</tr>
<tr>
<td>irc +</td>
<td>irc.te irc.fc irc_macros.te</td>
<td></td>
</tr>
<tr>
<td>ircd</td>
<td>ircd.te ircd.fc</td>
<td></td>
</tr>
<tr>
<td>irqbalance +</td>
<td>irqbalance.te irqbalance.fc</td>
<td></td>
</tr>
<tr>
<td>jabber</td>
<td>jabberd.te jabberd.fc</td>
<td></td>
</tr>
<tr>
<td>java +</td>
<td>java.te java.fc java_macros.te</td>
<td></td>
</tr>
<tr>
<td>lcd</td>
<td>lcd.te lcd.fc</td>
<td></td>
</tr>
<tr>
<td>lockdev +</td>
<td>lockdev.te lockdev.fc lockdev_macros.te</td>
<td></td>
</tr>
<tr>
<td>lrr</td>
<td>lrrd.te lrrd.fc</td>
<td></td>
</tr>
<tr>
<td>monop</td>
<td>monopd.te monopd.fc</td>
<td></td>
</tr>
<tr>
<td>mplayer +</td>
<td>mplayer.te mplayer.fc mplayer_macros.te</td>
<td></td>
</tr>
<tr>
<td>mrtg +</td>
<td>mrtg.te mrtg.fc</td>
<td></td>
</tr>
<tr>
<td>nagios</td>
<td>nagios.te nagios.fc nrpe.te nrpe.fc</td>
<td></td>
</tr>
<tr>
<td>nessus</td>
<td>nessusd.te nessusd.fc</td>
<td></td>
</tr>
<tr>
<td>networkmanager *+</td>
<td>NetworkManager.te NetworkManager.fc</td>
<td>Tresys</td>
</tr>
<tr>
<td>nsd</td>
<td>nsd.te nsd.fc</td>
<td></td>
</tr>
<tr>
<td>nx</td>
<td>nx_server.te nx_server.fc</td>
<td></td>
</tr>
<tr>
<td>oav-update</td>
<td>oav-update.te oav-update.fc</td>
<td></td>
</tr>
<tr>
<td>openca</td>
<td>openca-ca.te openca-ca.fc</td>
<td></td>
</tr>
<tr>
<td>openct +</td>
<td>openct.te openct.fc</td>
<td></td>
</tr>
<tr>
<td>orbit +</td>
<td>orbit.te orbit.fc orbit_macros.te</td>
<td></td>
</tr>
<tr>
<td>perdition</td>
<td>perdition.te perdition.fc</td>
<td></td>
</tr>
<tr>
<td>portslave</td>
<td>portslave.te portslave.fc</td>
<td></td>
</tr>
<tr>
<td>postfix +</td>
<td>postfix.te postfix.fc</td>
<td></td>
</tr>
<tr>
<td>prelink +</td>
<td>prelink.te prelink.fc</td>
<td></td>
</tr>
<tr>
<td>print *+</td>
<td>cups.te cups.fc lpd.te lpd.fc lpr_macros.te</td>
<td>Tresys</td>
</tr>
<tr>
<td>procmail +</td>
<td>procmail.te procmail.fc</td>
<td></td>
</tr>
<tr>
<td>publicfile</td>
<td>publicfile.te publicfile.fc</td>
<td></td>
</tr>
<tr>
<td>pxe</td>
<td>pxe.te pxe.fc</td>
<td></td>
</tr>
<tr>
<td>pyzor</td>
<td>pyzor.te pyzor.fc pyzor_macros.te</td>
<td></td>
</tr>
<tr>
<td>razor</td>
<td>razor.te razor.fc razor_macros.te</td>
<td></td>
</tr>
<tr>
<td>rdisc</td>
<td>rdisc.te rdisc.fc</td>
<td></td>
</tr>
<tr>
<td>resmgr</td>
<td>resmgrd.te resmgrd.fc</td>
<td></td>
</tr>
<tr>
<td>rhgb +</td>
<td>rhgb.te rhgb.fc rhgb_macros.te</td>
<td></td>
</tr>
<tr>
<td>rpc *+</td>
<td>rpcd.te rpcd.fc</td>
<td>Tresys</td>
</tr>
<tr>
<td>rssh</td>
<td>rssh.te rssh.fc rssh_macros.te</td>
<td></td>
</tr>
<tr>
<td>scannerdaemon</td>
<td>scannerdaemon.te scannerdaemon.fc</td>
<td></td>
</tr>
<tr>
<td>screen +</td>
<td>screen.te screen.fc screen_macros.te</td>
<td></td>
</tr>
<tr>
<td>slocate +</td>
<td>slocate.te slocate.fc slocate_macros.te</td>
<td></td>
</tr>
<tr>
<td>slrnpull +</td>
<td>slrnpull.te slrnpull.fc</td>
<td></td>
</tr>
<tr>
<td>snort</td>
<td>snort.te snort.fc</td>
<td></td>
</tr>
<tr>
<td>sound +</td>
<td>alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc</td>
<td></td>
</tr>
<tr>
<td>spamassassin +</td>
<td>spamassassin.te spamc.te spamd.te spamassassin.fc spamc.fc spamd.fc spamassassin_macros.te</td>
<td></td>
</tr>
<tr>
<td>speedtouch</td>
<td>speedmgmt.te speedmgmt.fc</td>
<td></td>
</tr>
<tr>
<td>sxid</td>
<td>sxid.te sxid.fc</td>
<td></td>
</tr>
<tr>
<td>sysstat +</td>
<td>sysstat.te sysstat.fc</td>
<td></td>
</tr>
<tr>
<td>thunderbird +</td>
<td>thunderbird.te thunderbird.fc thunderbird_macros.te mail_client_macros.te</td>
<td></td>
</tr>
<tr>
<td>timidity +</td>
<td>timidity.te timidity.fc</td>
<td></td>
</tr>
<tr>
<td>tinydns</td>
<td>tinydns.te tinydns.fc</td>
<td></td>
</tr>
<tr>
<td>transproxy</td>
<td>transproxy.te transproxy.fc</td>
<td></td>
</tr>
<tr>
<td>tripwire</td>
<td>tripwire.te tripwire.fc</td>
<td></td>
</tr>
<tr>
<td>tvtime +</td>
<td>tvtime.te tvtime.fc tvtime_macros.te</td>
<td></td>
</tr>
<tr>
<td>ucspi-tcp</td>
<td>ucspi-tcp.te ucspi-tcp.fc</td>
<td></td>
</tr>
<tr>
<td>uml +</td>
<td>uml.te uml.fc uml_macros.te uml_net.te uml_net.fc</td>
<td></td>
</tr>
<tr>
<td>uptimed</td>
<td>uptimed.te uptimed.fc</td>
<td></td>
</tr>
<tr>
<td>userhelper +</td>
<td>userhelper.te userhelper.fc userhelper_macros.te</td>
<td></td>
</tr>
<tr>
<td>usernetctl +</td>
<td>usernetctl.te usernetctl.fc</td>
<td></td>
</tr>
<tr>
<td>uwimap</td>
<td>uwimapd.te uwimapd.fc</td>
<td></td>
</tr>
<tr>
<td>vmware +</td>
<td>vmware.te vmware.fc vmware_macros.te</td>
<td></td>
</tr>
<tr>
<td>watchdog</td>
<td>watchdog.te watchdog.fc</td>
<td></td>
</tr>
<tr>
<td>xdm *+</td>
<td>xdm.te xdm.fc xdm_macros.te</td>
<td></td>
</tr>
<tr>
<td>xfs +</td>
<td>xfs.te xfs.fc</td>
<td></td>
</tr>
<tr>
<td>xprint</td>
<td>xprint.te xprint.fc</td>
<td></td>
</tr>
<tr>
<td>xserver +</td>
<td>xserver.te xserver.fc xserver_macros.te xauth.te xauth.fc xauth_macros.te</td>
<td></td>
</tr>
<tr>
<td>yam</td>
<td>yam.te yam.fc</td>
<td></td>
</tr>
<tr>
<td colspan="3">(*) Modules in the Fedora targeted policy</td>
</tr>
<tr>
<td colspan="3">(+) Modules in the Fedora strict policy</td>
</tr>
</tbody>
</table>
<!--
<h2>Testing Status</h2>
<p>
The policy has successfully been booted and can run with a Fedora Core 4
installation, using a targeted Reference Policy. See the
<a href="index.php?page=switch">switching guide</a> to switch a Fedora system
over to targeted Reference policy configuration.
A very minimal Red Hat Enterprise Linux 4 system with the following RPMs
can be successfully booted in enforcing mode, and users can log in locally,
with a strict Reference Policy:
</p>
<ul>
<li>libgcc-3.4.3-9.EL4</li>
<li>rootfiles-8-1</li>
<li>filesystem-2.3.0-1</li>
<li>termcap-5.4-3</li>
<li>glibc-common-2.3.4-2</li>
<li>bzip2-libs-1.0.2-13</li>
<li>device-mapper-1.00.19-2</li>
<li>elfutils-libelf-0.97-5</li>
<li>expat-1.95.7-4</li>
<li>glib2-2.4.7-1</li>
<li>libattr-2.4.16-3</li>
<li>libcap-1.10-20</li>
<li>libsepol-1.1.1-2</li>
<li>db4-4.2.52-7.1</li>
<li>libtermcap-2.0.8-39</li>
<li>mktemp-1.5-20</li>
<li>iproute-2.6.9-3</li>
<li>less-382-4</li>
<li>pcre-4.5-3</li>
<li>usbutils-0.11-6.1</li>
<li>vim-minimal-6.3.046-0.40E.4</li>
<li>info-4.7-5</li>
<li>diffutils-2.8.1-12</li>
<li>gawk-3.1.3-10.1</li>
<li>coreutils-5.2.1-31</li>
<li>gzip-1.3.3-13</li>
<li>module-init-tools-3.1-0.pre5.3</li>
<li>procps-3.2.3-7EL</li>
<li>sed-4.1.2-4</li>
<li>MAKEDEV-3.15-2</li>
<li>sysklogd-1.4.1-26_EL</li>
<li>cracklib-2.7-29</li>
<li>pam-0.77-65.1</li>
<li>SysVinit-2.85-34</li>
<li>lvm2-2.00.31-1.0.RHEL4</li>
<li>kernel-2.6.9-5.0.5.EL</li>
<li>libuser-0.52.5-1</li>
<li>crontabs-1.10-7</li>
<li>tmpwatch-2.9.1-1</li>
<li>m4-1.4.1-16</li>
<li>mgetty-1.1.31-2</li>
<li>time-1.7-25</li>
<li>dhclient-3.0.1-12_EL</li>
<li>samhain-2.0.6-1</li>
<li>hwdata-0.146.1.EL-1</li>
<li>redhat-logos-1.1.25-1</li>
<li>setup-2.5.37-1.1</li>
<li>basesystem-8.0-4</li>
<li>tzdata-2004e-2</li>
<li>glibc-2.3.4-2</li>
<li>beecrypt-3.1.0-6</li>
<li>chkconfig-1.3.11.2-1</li>
<li>e2fsprogs-1.35-11.6.EL4</li>
<li>ethtool-1.8-4</li>
<li>gdbm-1.8.0-24</li>
<li>iputils-20020927-16</li>
<li>libacl-2.2.23-5</li>
<li>libselinux-1.19.1-7</li>
<li>libstdc++-3.4.3-9.EL4</li>
<li>mingetty-1.07-3</li>
<li>bash-3.0-19.2</li>
<li>ncurses-5.4-13</li>
<li>net-tools-1.60-37</li>
<li>popt-1.9.1-7_nonptl</li>
<li>redhat-release-4AS-2</li>
<li>hotplug-2004_04_01-7.2</li>
<li>zlib-1.2.1.2-1</li>
<li>cpio-2.5-7.EL4.1</li>
<li>findutils-4.1.20-7</li>
<li>grep-2.5.1-31</li>
<li>grub-0.95-3.1</li>
<li>readline-4.3-13</li>
<li>rpm-libs-4.3.3-7_nonptl</li>
<li>shadow-utils-4.0.3-41.1</li>
<li>rpm-4.3.3-7_nonptl</li>
<li>tar-1.14-4</li>
<li>cracklib-dicts-2.7-29</li>
<li>policycoreutils-1.18.1-4</li>
<li>util-linux-2.12a-16.EL4.6</li>
<li>udev-039-10.8.EL4</li>
<li>initscripts-7.93.11.EL-1</li>
<li>mkinitrd-4.1.18-2</li>
<li>passwd-0.68-10</li>
<li>bzip2-1.0.2-13</li>
<li>logrotate-3.7.1-2</li>
<li>libxml2-2.6.16-6</li>
<li>make-3.80-5</li>
<li>iptables-1.2.11-3.1.RHEL4</li>
<li>vixie-cron-4.1-20_EL</li>
<li>comps-4AS-0.20050107</li>
</ul>
-->