pre-release update
parent
b9d3b24e01
commit
67b8998fde
@ -1,3 +1,47 @@
|
|||||||
|
- Add unlabeled IPSEC association to domains with
|
||||||
|
networking permsiisions.
|
||||||
|
- Merge systemuser back in to users, as these files
|
||||||
|
do not need to be split.
|
||||||
|
- Add check for duplicate interface/template definitions.
|
||||||
|
- Move domain, files, and corecommands modules to kernel
|
||||||
|
layer to resolve some layering inconsistencies.
|
||||||
|
- Move policy build options out of Makefile into build.conf.
|
||||||
|
- Add yppasswd to nis module.
|
||||||
|
- Change optional_policy() to refer to the module name
|
||||||
|
rather than modulename.te.
|
||||||
|
- Fix labeling targets to use installed file_contexts rather
|
||||||
|
than partial file_contexts in the policy source directory.
|
||||||
|
- Fix build process to use make's internal vpath functions
|
||||||
|
to detect modules rather than using subshells and find.
|
||||||
|
- Add install target for modular policy.
|
||||||
|
- Add load target for modular policy.
|
||||||
|
- Add appconfig dependency to the load target.
|
||||||
|
- Miscellaneous fixes from Dan Walsh.
|
||||||
|
- Fix corenetwork gen_context()'s to expand during the policy
|
||||||
|
build phase instead of during the generation phase.
|
||||||
|
- Added policies:
|
||||||
|
amanda
|
||||||
|
avahi
|
||||||
|
canna
|
||||||
|
cyrus
|
||||||
|
dbskk
|
||||||
|
dovecot
|
||||||
|
distcc
|
||||||
|
i18n_input
|
||||||
|
irqbalance
|
||||||
|
lpd
|
||||||
|
networkmanager
|
||||||
|
pegasus
|
||||||
|
postfix
|
||||||
|
procmail
|
||||||
|
radius
|
||||||
|
rdisc
|
||||||
|
rpc
|
||||||
|
spamassassin
|
||||||
|
timidity
|
||||||
|
xdm
|
||||||
|
xfs
|
||||||
|
|
||||||
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
||||||
- Many fixes to make loadable modules build.
|
- Many fixes to make loadable modules build.
|
||||||
- Add targets for sechecker.
|
- Add targets for sechecker.
|
||||||
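Review bot: The first added changelog entry misspells "permissions" as "permsiisions" (in "networking permsiisions."), which should be corrected before the release is cut. The new entries are also inserted directly above the existing "* Wed Oct 19 2005 ... - 20051019" header without a dated release header of their own; add one once the version is settled so the entries are attributable to a release.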
@ -27,7 +71,6 @@
|
|||||||
mailman
|
mailman
|
||||||
ppp
|
ppp
|
||||||
radvd
|
radvd
|
||||||
radius
|
|
||||||
sasl
|
sasl
|
||||||
webalizer
|
webalizer
|
||||||
|
|
||||||
|
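Review bot: Dropping "radius" from this earlier entry's policy list changes the record of a previous release, while the first hunk lists radius under the new "Added policies". If radius was listed in the older entry by mistake, say so in the commit message, so that anyone comparing changelog revisions can tell this is a correction and not a regression.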
@ -11,6 +11,18 @@
|
|||||||
now be built with a compiler that has the require-in-conditionals,
|
now be built with a compiler that has the require-in-conditionals,
|
||||||
delcare-then-require, and stack-overflow patches applied.
|
delcare-then-require, and stack-overflow patches applied.
|
||||||
</p>
|
</p>
|
||||||
|
<!--
|
||||||
|
<strong>Current Version: 20051207</strong>
|
||||||
|
<p>
|
||||||
|
See <a href="index.php?page=download">download</a> for download
|
||||||
|
information. Details of this release are part of the <a href="html/Changelog.txt">changelog</a>.
|
||||||
|
This release focused on preparating the policy for use as the Fedora
|
||||||
|
Core targeted policy. Currently both strict and targeted policies can
|
||||||
|
be built. MLS policies can be built, but the policy has not been tested
|
||||||
|
on running systems. MCS support has also been added, and is being tested
|
||||||
|
with the targeted policy in the Fedora development repositories (Rawhide).
|
||||||
|
</p>
|
||||||
|
-->
|
||||||
<p> </p>
|
<p> </p>
|
||||||
<h2>Status and Tasks</h2>
|
<h2>Status and Tasks</h2>
|
||||||
<table border="1" cellspacing="0" cellpadding="3">
|
<table border="1" cellspacing="0" cellpadding="3">
|
||||||
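Review bot: The added "Current Version: 20051207" block is wrapped in an HTML comment, so none of it renders, and its text has the typo "preparating" (should be "preparing"). If the block is staged for the release, fix the wording now so it is correct when the comment markers are removed. The unchanged context line above it also reads "delcare-then-require" and could be corrected in the same pass.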
@ -72,7 +84,8 @@
|
|||||||
<td>Minor improvements</td>
|
<td>Minor improvements</td>
|
||||||
<td>MLS infrastructure has been extended to support MCS
|
<td>MLS infrastructure has been extended to support MCS
|
||||||
categories in users and all contexts. MCS constraints
|
categories in users and all contexts. MCS constraints
|
||||||
have been added. Policy is compilable, but untested.</td>
|
have been added. Policy has been tested in the
|
||||||
|
targeted-mcs policy configuration.</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>Network Infrastructure</td>
|
<td>Network Infrastructure</td>
|
||||||
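Review bot: The replacement text in the MLS row drops "compilable, but untested" and says only that the policy "has been tested in the targeted-mcs policy configuration", which can be read as covering MLS as well. The commented release text added in the previous hunk still says MLS policies have not been tested on running systems, so state the MLS status explicitly in this cell.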
@ -121,12 +134,6 @@
|
|||||||
<td>Headers for the policy, describing object classes, and
|
<td>Headers for the policy, describing object classes, and
|
||||||
their permissions. No planned changes.</td>
|
their permissions. No planned changes.</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
|
||||||
<td>Genhomedircon</td>
|
|
||||||
<td>Unchanged</td>
|
|
||||||
<td>Tool to properly label users' home directories.
|
|
||||||
No planned changes</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
</table>
|
||||||
<p> </p>
|
<p> </p>
|
||||||
<h2>Roadmap</h2>
|
<h2>Roadmap</h2>
|
||||||
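Review bot: The Genhomedircon row is removed from the status table, but nothing in the changelog entries added by this commit mentions genhomedircon. Add a changelog line or a commit message note saying why the component no longer appears, since it is the tool that labels users' home directories.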
@ -217,7 +224,7 @@ converted:
|
|||||||
<tr>
|
<tr>
|
||||||
<td>automount +</td>
|
<td>automount +</td>
|
||||||
<td>automount.te automount.fc</td>
|
<td>automount.te automount.fc</td>
|
||||||
<td></td>
|
<td>Tresys</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>backup</td>
|
<td>backup</td>
|
||||||
@ -247,7 +254,7 @@ converted:
|
|||||||
<tr>
|
<tr>
|
||||||
<td>certwatch +</td>
|
<td>certwatch +</td>
|
||||||
<td>certwatch.te certwatch.fc</td>
|
<td>certwatch.te certwatch.fc</td>
|
||||||
<td></td>
|
<td>Tresys</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>cipe</td>
|
<td>cipe</td>
|
||||||
@ -317,7 +324,7 @@ converted:
|
|||||||
<tr>
|
<tr>
|
||||||
<td>fetchmail +</td>
|
<td>fetchmail +</td>
|
||||||
<td>fetchmail.te fetchmail.fc</td>
|
<td>fetchmail.te fetchmail.fc</td>
|
||||||
<td></td>
|
<td>Tresys</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>fontconfig +</td>
|
<td>fontconfig +</td>
|
||||||
@ -369,11 +376,6 @@ converted:
|
|||||||
<td>ircd.te ircd.fc</td>
|
<td>ircd.te ircd.fc</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
|
||||||
<td>irqbalance +</td>
|
|
||||||
<td>irqbalance.te irqbalance.fc</td>
|
|
||||||
<td></td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>jabber</td>
|
<td>jabber</td>
|
||||||
<td>jabberd.te jabberd.fc</td>
|
<td>jabberd.te jabberd.fc</td>
|
||||||
@ -539,11 +541,6 @@ converted:
|
|||||||
<td>alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc</td>
|
<td>alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
|
||||||
<td>spamassassin +</td>
|
|
||||||
<td>spamassassin.te spamc.te spamd.te spamassassin.fc spamc.fc spamd.fc spamassassin_macros.te</td>
|
|
||||||
<td>Tresys</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>speedtouch</td>
|
<td>speedtouch</td>
|
||||||
<td>speedmgmt.te speedmgmt.fc</td>
|
<td>speedmgmt.te speedmgmt.fc</td>
|
||||||
@ -557,7 +554,7 @@ converted:
|
|||||||
<tr>
|
<tr>
|
||||||
<td>sysstat +</td>
|
<td>sysstat +</td>
|
||||||
<td>sysstat.te sysstat.fc</td>
|
<td>sysstat.te sysstat.fc</td>
|
||||||
<td></td>
|
<td>Tresys</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>thunderbird +</td>
|
<td>thunderbird +</td>
|
||||||
@ -634,11 +631,6 @@ converted:
|
|||||||
<td>xdm.te xdm.fc xdm_macros.te</td>
|
<td>xdm.te xdm.fc xdm_macros.te</td>
|
||||||
<td>Tresys</td>
|
<td>Tresys</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
|
||||||
<td>xfs +</td>
|
|
||||||
<td>xfs.te xfs.fc</td>
|
|
||||||
<td></td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>xprint</td>
|
<td>xprint</td>
|
||||||
<td>xprint.te xprint.fc</td>
|
<td>xprint.te xprint.fc</td>
|
||||||
@ -662,107 +654,11 @@ converted:
|
|||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<!--
|
|
||||||
<h2>Testing Status</h2>
|
<h2>Testing Status</h2>
|
||||||
<p>
|
<p>
|
||||||
The policy as successfully been booted and can run with a Fedora Core 4
|
Reference policy is now included in the Fedora development repositories
|
||||||
installation, using a targeted Reference Policy. See the
|
(Rawhide) in the targeted and MLS policies. These are the easiest way to test
|
||||||
<a href="index.php?page=switch">switching guide</a> to switch a Fedora system
|
Reference Policy. They should be included in Fedora, beginning with Core 5
|
||||||
over to targeted Reference policy configuration.
|
test 2.
|
||||||
A very minimal RedHat Enterprise Linux 4 system with the following RPMs has
|
|
||||||
can be successfully booted in enforcing mode, and users can log in locally,
|
|
||||||
with a strict Reference Policy:
|
|
||||||
</p>
|
</p>
|
||||||
<ul>
|
|
||||||
<li>libgcc-3.4.3-9.EL4</li>
|
|
||||||
<li>rootfiles-8-1</li>
|
|
||||||
<li>filesystem-2.3.0-1</li>
|
|
||||||
<li>termcap-5.4-3</li>
|
|
||||||
<li>glibc-common-2.3.4-2</li>
|
|
||||||
<li>bzip2-libs-1.0.2-13</li>
|
|
||||||
<li>device-mapper-1.00.19-2</li>
|
|
||||||
<li>elfutils-libelf-0.97-5</li>
|
|
||||||
<li>expat-1.95.7-4</li>
|
|
||||||
<li>glib2-2.4.7-1</li>
|
|
||||||
<li>libattr-2.4.16-3</li>
|
|
||||||
<li>libcap-1.10-20</li>
|
|
||||||
<li>libsepol-1.1.1-2</li>
|
|
||||||
<li>db4-4.2.52-7.1</li>
|
|
||||||
<li>libtermcap-2.0.8-39</li>
|
|
||||||
<li>mktemp-1.5-20</li>
|
|
||||||
<li>iproute-2.6.9-3</li>
|
|
||||||
<li>less-382-4</li>
|
|
||||||
<li>pcre-4.5-3</li>
|
|
||||||
<li>usbutils-0.11-6.1</li>
|
|
||||||
<li>vim-minimal-6.3.046-0.40E.4</li>
|
|
||||||
<li>info-4.7-5</li>
|
|
||||||
<li>diffutils-2.8.1-12</li>
|
|
||||||
<li>gawk-3.1.3-10.1</li>
|
|
||||||
<li>coreutils-5.2.1-31</li>
|
|
||||||
<li>gzip-1.3.3-13</li>
|
|
||||||
<li>module-init-tools-3.1-0.pre5.3</li>
|
|
||||||
<li>procps-3.2.3-7EL</li>
|
|
||||||
<li>sed-4.1.2-4</li>
|
|
||||||
<li>MAKEDEV-3.15-2</li>
|
|
||||||
<li>sysklogd-1.4.1-26_EL</li>
|
|
||||||
<li>cracklib-2.7-29</li>
|
|
||||||
<li>pam-0.77-65.1</li>
|
|
||||||
<li>SysVinit-2.85-34</li>
|
|
||||||
<li>lvm2-2.00.31-1.0.RHEL4</li>
|
|
||||||
<li>kernel-2.6.9-5.0.5.EL</li>
|
|
||||||
<li>libuser-0.52.5-1</li>
|
|
||||||
<li>crontabs-1.10-7</li>
|
|
||||||
<li>tmpwatch-2.9.1-1</li>
|
|
||||||
<li>m4-1.4.1-16</li>
|
|
||||||
<li>mgetty-1.1.31-2</li>
|
|
||||||
<li>time-1.7-25</li>
|
|
||||||
<li>dhclient-3.0.1-12_EL</li>
|
|
||||||
<li>samhain-2.0.6-1</li>
|
|
||||||
<li>hwdata-0.146.1.EL-1</li>
|
|
||||||
<li>redhat-logos-1.1.25-1</li>
|
|
||||||
<li>setup-2.5.37-1.1</li>
|
|
||||||
<li>basesystem-8.0-4</li>
|
|
||||||
<li>tzdata-2004e-2</li>
|
|
||||||
<li>glibc-2.3.4-2</li>
|
|
||||||
<li>beecrypt-3.1.0-6</li>
|
|
||||||
<li>chkconfig-1.3.11.2-1</li>
|
|
||||||
<li>e2fsprogs-1.35-11.6.EL4</li>
|
|
||||||
<li>ethtool-1.8-4</li>
|
|
||||||
<li>gdbm-1.8.0-24</li>
|
|
||||||
<li>iputils-20020927-16</li>
|
|
||||||
<li>libacl-2.2.23-5</li>
|
|
||||||
<li>libselinux-1.19.1-7</li>
|
|
||||||
<li>libstdc++-3.4.3-9.EL4</li>
|
|
||||||
<li>mingetty-1.07-3</li>
|
|
||||||
<li>bash-3.0-19.2</li>
|
|
||||||
<li>ncurses-5.4-13</li>
|
|
||||||
<li>net-tools-1.60-37</li>
|
|
||||||
<li>popt-1.9.1-7_nonptl</li>
|
|
||||||
<li>redhat-release-4AS-2</li>
|
|
||||||
<li>hotplug-2004_04_01-7.2</li>
|
|
||||||
<li>zlib-1.2.1.2-1</li>
|
|
||||||
<li>cpio-2.5-7.EL4.1</li>
|
|
||||||
<li>findutils-4.1.20-7</li>
|
|
||||||
<li>grep-2.5.1-31</li>
|
|
||||||
<li>grub-0.95-3.1</li>
|
|
||||||
<li>readline-4.3-13</li>
|
|
||||||
<li>rpm-libs-4.3.3-7_nonptl</li>
|
|
||||||
<li>shadow-utils-4.0.3-41.1</li>
|
|
||||||
<li>rpm-4.3.3-7_nonptl</li>
|
|
||||||
<li>tar-1.14-4</li>
|
|
||||||
<li>cracklib-dicts-2.7-29</li>
|
|
||||||
<li>policycoreutils-1.18.1-4</li>
|
|
||||||
<li>util-linux-2.12a-16.EL4.6</li>
|
|
||||||
<li>udev-039-10.8.EL4</li>
|
|
||||||
<li>initscripts-7.93.11.EL-1</li>
|
|
||||||
<li>mkinitrd-4.1.18-2</li>
|
|
||||||
<li>passwd-0.68-10</li>
|
|
||||||
<li>bzip2-1.0.2-13</li>
|
|
||||||
<li>logrotate-3.7.1-2</li>
|
|
||||||
<li>libxml2-2.6.16-6</li>
|
|
||||||
<li>make-3.80-5</li>
|
|
||||||
<li>iptables-1.2.11-3.1.RHEL4</li>
|
|
||||||
<li>vixie-cron-4.1-20_EL</li>
|
|
||||||
<li>comps-4AS-0.20050107</li>
|
|
||||||
</ul>
|
|
||||||
-->
|
|
||||||
|
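Review bot: The new Testing Status paragraph says Reference Policy is in Rawhide "in the targeted and MLS policies", while the release text added earlier in this commit says MCS is being tested with the targeted policy in Rawhide and that MLS has not been tested on running systems. Confirm whether "MLS" here should be "MCS". The paragraph also mixes "Reference policy" and "Reference Policy"; use one capitalisation. Removing both comment markers makes this section visible again, so the wording should be final.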
@ -1,8 +1,10 @@
|
|||||||
<h1>Switching to Targeted Reference Policy</h1>
|
<h1>Switching to Targeted Reference Policy</h1>
|
||||||
<p>
|
<p>
|
||||||
|
The targeted policy is now available on Fedora systems in the
|
||||||
|
development repositories (Rawhide), as selinux-policy-targeted 2.*.
|
||||||
|
If you are using Rawhide, simply update your policy using yum.
|
||||||
This guide will walk you through switching to the targeted reference
|
This guide will walk you through switching to the targeted reference
|
||||||
policy on a Fedora system. Note: Reference Policy should not yet
|
policy on a Fedora system not using these repositories.
|
||||||
be used on production systems.
|
|
||||||
<p>
|
<p>
|
||||||
<h2>
|
<h2>
|
||||||
Download and unpack the policy
|
Download and unpack the policy
|
||||||
|
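Review bot: The sentence "Note: Reference Policy should not yet be used on production systems." is removed from the opening paragraph with no replacement caveat, while the rest of this commit still describes MLS as untested on running systems. If the warning now applies only to some configurations, narrow it instead of deleting it. The paragraph is also terminated by a second opening p tag in the unchanged context where a closing tag is expected; that can be fixed while this paragraph is being edited.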