pre-release update

This commit is contained in:
Chris PeBenito 2005-12-06 21:28:21 +00:00
parent b9d3b24e01
commit 67b8998fde
3 changed files with 71 additions and 130 deletions

View File

@ -1,3 +1,47 @@
- Add unlabeled IPSEC association to domains with
networking permsiisions.
- Merge systemuser back in to users, as these files
do not need to be split.
- Add check for duplicate interface/template definitions.
- Move domain, files, and corecommands modules to kernel
layer to resolve some layering inconsistencies.
- Move policy build options out of Makefile into build.conf.
- Add yppasswd to nis module.
- Change optional_policy() to refer to the module name
rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions
to detect modules rather than using subshells and find.
- Add install target for modular policy.
- Add load target for modular policy.
- Add appconfig dependency to the load target.
- Miscellaneous fixes from Dan Walsh.
- Fix corenetwork gen_context()'s to expand during the policy
build phase instead of during the generation phase.
- Added policies:
amanda
avahi
canna
cyrus
dbskk
dovecot
distcc
i18n_input
irqbalance
lpd
networkmanager
pegasus
postfix
procmail
radius
rdisc
rpc
spamassassin
timidity
xdm
xfs
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019 * Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build. - Many fixes to make loadable modules build.
- Add targets for sechecker. - Add targets for sechecker.
@ -27,7 +71,6 @@
mailman mailman
ppp ppp
radvd radvd
radius
sasl sasl
webalizer webalizer

View File

@ -11,6 +11,18 @@
now be built with a compiler that has the require-in-conditionals, now be built with a compiler that has the require-in-conditionals,
delcare-then-require, and stack-overflow patches applied. delcare-then-require, and stack-overflow patches applied.
</p> </p>
<!--
<strong>Current Version: 20051207</strong>
<p>
See <a href="index.php?page=download">download</a> for download
information. Details of this release are part of the <a href="html/Changelog.txt">changelog</a>.
This release focused on preparating the policy for use as the Fedora
Core targeted policy. Currently both strict and targeted policies can
be built. MLS policies can be built, but the policy has not been tested
on running systems. MCS support has also been added, and is being tested
with the targeted policy in the Fedora development repositories (Rawhide).
</p>
-->
<p>&nbsp;</p> <p>&nbsp;</p>
<h2>Status and Tasks</h2> <h2>Status and Tasks</h2>
<table border="1" cellspacing="0" cellpadding="3"> <table border="1" cellspacing="0" cellpadding="3">
@ -72,7 +84,8 @@
<td>Minor improvements</td> <td>Minor improvements</td>
<td>MLS infrastructure has been extended to support MCS <td>MLS infrastructure has been extended to support MCS
categories in users and all contexts. MCS constraints categories in users and all contexts. MCS constraints
have been added. Policy is compilable, but untested.</td> have been added. Policy has been tested in the
targeted-mcs policy configuration.</td>
</tr> </tr>
<tr> <tr>
<td>Network Infrastructure</td> <td>Network Infrastructure</td>
@ -121,12 +134,6 @@
<td>Headers for the policy, describing object classes, and <td>Headers for the policy, describing object classes, and
their permissions. No planned changes.</td> their permissions. No planned changes.</td>
</tr> </tr>
<tr>
<td>Genhomedircon</td>
<td>Unchanged</td>
<td>Tool to properly label users' home directories.
No planned changes</td>
</tr>
</table> </table>
<p>&nbsp;</p> <p>&nbsp;</p>
<h2>Roadmap</h2> <h2>Roadmap</h2>
@ -217,7 +224,7 @@ converted:
<tr> <tr>
<td>automount +</td> <td>automount +</td>
<td>automount.te automount.fc</td> <td>automount.te automount.fc</td>
<td></td> <td>Tresys</td>
</tr> </tr>
<tr> <tr>
<td>backup</td> <td>backup</td>
@ -247,7 +254,7 @@ converted:
<tr> <tr>
<td>certwatch +</td> <td>certwatch +</td>
<td>certwatch.te certwatch.fc</td> <td>certwatch.te certwatch.fc</td>
<td></td> <td>Tresys</td>
</tr> </tr>
<tr> <tr>
<td>cipe</td> <td>cipe</td>
@ -317,7 +324,7 @@ converted:
<tr> <tr>
<td>fetchmail +</td> <td>fetchmail +</td>
<td>fetchmail.te fetchmail.fc</td> <td>fetchmail.te fetchmail.fc</td>
<td></td> <td>Tresys</td>
</tr> </tr>
<tr> <tr>
<td>fontconfig +</td> <td>fontconfig +</td>
@ -369,11 +376,6 @@ converted:
<td>ircd.te ircd.fc</td> <td>ircd.te ircd.fc</td>
<td></td> <td></td>
</tr> </tr>
<tr>
<td>irqbalance +</td>
<td>irqbalance.te irqbalance.fc</td>
<td></td>
</tr>
<tr> <tr>
<td>jabber</td> <td>jabber</td>
<td>jabberd.te jabberd.fc</td> <td>jabberd.te jabberd.fc</td>
@ -539,11 +541,6 @@ converted:
<td>alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc</td> <td>alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc</td>
<td></td> <td></td>
</tr> </tr>
<tr>
<td>spamassassin +</td>
<td>spamassassin.te spamc.te spamd.te spamassassin.fc spamc.fc spamd.fc spamassassin_macros.te</td>
<td>Tresys</td>
</tr>
<tr> <tr>
<td>speedtouch</td> <td>speedtouch</td>
<td>speedmgmt.te speedmgmt.fc</td> <td>speedmgmt.te speedmgmt.fc</td>
@ -557,7 +554,7 @@ converted:
<tr> <tr>
<td>sysstat +</td> <td>sysstat +</td>
<td>sysstat.te sysstat.fc</td> <td>sysstat.te sysstat.fc</td>
<td></td> <td>Tresys</td>
</tr> </tr>
<tr> <tr>
<td>thunderbird +</td> <td>thunderbird +</td>
@ -634,11 +631,6 @@ converted:
<td>xdm.te xdm.fc xdm_macros.te</td> <td>xdm.te xdm.fc xdm_macros.te</td>
<td>Tresys</td> <td>Tresys</td>
</tr> </tr>
<tr>
<td>xfs +</td>
<td>xfs.te xfs.fc</td>
<td></td>
</tr>
<tr> <tr>
<td>xprint</td> <td>xprint</td>
<td>xprint.te xprint.fc</td> <td>xprint.te xprint.fc</td>
@ -662,107 +654,11 @@ converted:
</tr> </tr>
</tbody> </tbody>
</table> </table>
<!--
<h2>Testing Status</h2> <h2>Testing Status</h2>
<p> <p>
The policy as successfully been booted and can run with a Fedora Core 4 Reference policy is now included in the Fedora development repositories
installation, using a targeted Reference Policy. See the (Rawhide) in the targeted and MLS policies. These are the easiest way to test
<a href="index.php?page=switch">switching guide</a> to switch a Fedora system Reference Policy. They should be included in Fedora, beginning with Core 5
over to targeted Reference policy configuration. test 2.
A very minimal RedHat Enterprise Linux 4 system with the following RPMs has
can be successfully booted in enforcing mode, and users can log in locally,
with a strict Reference Policy:
</p> </p>
<ul>
<li>libgcc-3.4.3-9.EL4</li>
<li>rootfiles-8-1</li>
<li>filesystem-2.3.0-1</li>
<li>termcap-5.4-3</li>
<li>glibc-common-2.3.4-2</li>
<li>bzip2-libs-1.0.2-13</li>
<li>device-mapper-1.00.19-2</li>
<li>elfutils-libelf-0.97-5</li>
<li>expat-1.95.7-4</li>
<li>glib2-2.4.7-1</li>
<li>libattr-2.4.16-3</li>
<li>libcap-1.10-20</li>
<li>libsepol-1.1.1-2</li>
<li>db4-4.2.52-7.1</li>
<li>libtermcap-2.0.8-39</li>
<li>mktemp-1.5-20</li>
<li>iproute-2.6.9-3</li>
<li>less-382-4</li>
<li>pcre-4.5-3</li>
<li>usbutils-0.11-6.1</li>
<li>vim-minimal-6.3.046-0.40E.4</li>
<li>info-4.7-5</li>
<li>diffutils-2.8.1-12</li>
<li>gawk-3.1.3-10.1</li>
<li>coreutils-5.2.1-31</li>
<li>gzip-1.3.3-13</li>
<li>module-init-tools-3.1-0.pre5.3</li>
<li>procps-3.2.3-7EL</li>
<li>sed-4.1.2-4</li>
<li>MAKEDEV-3.15-2</li>
<li>sysklogd-1.4.1-26_EL</li>
<li>cracklib-2.7-29</li>
<li>pam-0.77-65.1</li>
<li>SysVinit-2.85-34</li>
<li>lvm2-2.00.31-1.0.RHEL4</li>
<li>kernel-2.6.9-5.0.5.EL</li>
<li>libuser-0.52.5-1</li>
<li>crontabs-1.10-7</li>
<li>tmpwatch-2.9.1-1</li>
<li>m4-1.4.1-16</li>
<li>mgetty-1.1.31-2</li>
<li>time-1.7-25</li>
<li>dhclient-3.0.1-12_EL</li>
<li>samhain-2.0.6-1</li>
<li>hwdata-0.146.1.EL-1</li>
<li>redhat-logos-1.1.25-1</li>
<li>setup-2.5.37-1.1</li>
<li>basesystem-8.0-4</li>
<li>tzdata-2004e-2</li>
<li>glibc-2.3.4-2</li>
<li>beecrypt-3.1.0-6</li>
<li>chkconfig-1.3.11.2-1</li>
<li>e2fsprogs-1.35-11.6.EL4</li>
<li>ethtool-1.8-4</li>
<li>gdbm-1.8.0-24</li>
<li>iputils-20020927-16</li>
<li>libacl-2.2.23-5</li>
<li>libselinux-1.19.1-7</li>
<li>libstdc++-3.4.3-9.EL4</li>
<li>mingetty-1.07-3</li>
<li>bash-3.0-19.2</li>
<li>ncurses-5.4-13</li>
<li>net-tools-1.60-37</li>
<li>popt-1.9.1-7_nonptl</li>
<li>redhat-release-4AS-2</li>
<li>hotplug-2004_04_01-7.2</li>
<li>zlib-1.2.1.2-1</li>
<li>cpio-2.5-7.EL4.1</li>
<li>findutils-4.1.20-7</li>
<li>grep-2.5.1-31</li>
<li>grub-0.95-3.1</li>
<li>readline-4.3-13</li>
<li>rpm-libs-4.3.3-7_nonptl</li>
<li>shadow-utils-4.0.3-41.1</li>
<li>rpm-4.3.3-7_nonptl</li>
<li>tar-1.14-4</li>
<li>cracklib-dicts-2.7-29</li>
<li>policycoreutils-1.18.1-4</li>
<li>util-linux-2.12a-16.EL4.6</li>
<li>udev-039-10.8.EL4</li>
<li>initscripts-7.93.11.EL-1</li>
<li>mkinitrd-4.1.18-2</li>
<li>passwd-0.68-10</li>
<li>bzip2-1.0.2-13</li>
<li>logrotate-3.7.1-2</li>
<li>libxml2-2.6.16-6</li>
<li>make-3.80-5</li>
<li>iptables-1.2.11-3.1.RHEL4</li>
<li>vixie-cron-4.1-20_EL</li>
<li>comps-4AS-0.20050107</li>
</ul>
-->

View File

@ -1,8 +1,10 @@
<h1>Switching to Targeted Reference Policy</h1> <h1>Switching to Targeted Reference Policy</h1>
<p> <p>
The targeted policy is now available on Fedora systems in the
development repositories (Rawhide), as selinux-policy-targeted 2.*.
If you are using Rawhide, simply update your policy using yum.
This guide will walk you through switching to the targeted reference This guide will walk you through switching to the targeted reference
policy on a Fedora system. Note: Reference Policy should not yet policy on a Fedora system not using these repositories.
be used on production systems.
<p> <p>
<h2> <h2>
Download and unpack the policy Download and unpack the policy