Various updates.
This commit is contained in:
parent
5e0da6a03e
commit
9f945bcc2d
@ -0,0 +1 @@
|
||||
<h1>Documentation</h1>
|
@ -1,46 +1,44 @@
|
||||
<h1>Project Overview</h1>
|
||||
<p>
|
||||
The SELinux Reference Policy project (refpolicy) is creating a complete SELinux policy as an alternative to the existing strict and targeted policies. What will set refpolicy apart?
|
||||
|
||||
The SELinux Reference Policy project (refpolicy) is creating a complete SELinux policy as an alternative to the existing strict and targeted policies available from <a href="http://selinux.sf.net>selinux.sf.net</a>. What will set refpolicy apart?
|
||||
</p>
|
||||
<ul>
|
||||
<li>Security: refpolicy has a mandate to develop security goals that are clear and rigoursly applied</li>
|
||||
<li>Security: refpolicy has a mandate to develop security goals that are clear and rigoursly applied</li>
|
||||
<li>Usability: refpolicy will be easier to understand and use.</li>
|
||||
<li>Documentation: refpolicy has a structure that makes it possible to create in-depth documentation.
|
||||
<li>Flexibility: refpolicy will support source, loadable, and MLS modules with simple configuration.</li>
|
||||
<li>Documentation: refpolicy has a structure that makes it possible to create in-depth documentation.
|
||||
<li>Flexibility: refpolicy will support source, loadable, and MLS modules with simple configuration.</li>
|
||||
</ul>
|
||||
Refpolicy is under active development, with support and full time development staff at <a href="http://www.tresys.com">Tresys Technology</a>. We are looking for policy developers interested in <a href="contributing.html">contributing</a>.
|
||||
<p>
|
||||
Refpolicy is under active development, with support and full time development staff from <a href="http://www.tresys.com">Tresys Technology</a>. We are looking for policy developers interested in <a href="contributing.html">contributing</a>.
|
||||
</p>
|
||||
<h2>Background</h2>
|
||||
|
||||
<P>
|
||||
The purpose of this document is to serve as a blueprint to policy developers
|
||||
and serves as the initial means for communicating the motivations, approach and
|
||||
goals of the <i>SELinux Reference Policy</i> development project. This document
|
||||
is intended for SELinux policy developers and other members of the SELinux
|
||||
development community interested in building a secure foundation upon which to
|
||||
build high-assurance solutions using SELinux. The reference policy will provide
|
||||
a carefully designed and consistent system security policy that can be used as
|
||||
a basis for developing secure solutions using SELinux.
|
||||
</p>
|
||||
<h2>Roadmap</h2>
|
||||
|
||||
<h3>Background and Motivation</h3>
|
||||
<P>
|
||||
One of the key motivations for this project is the drive to get SELinux
|
||||
mainstreamed into commercial products. True, SELinux is currently being
|
||||
incorporated into various commercial distributions, but clearly, widespread
|
||||
adoption of SELinux as a commercial product eventually will require the
|
||||
operating system to be certified. Efforts are already underway by IBM for
|
||||
SELinux to undergo a Common Criteria evaluation under the Labeled Security
|
||||
Protection Profile (LSPP). Furthermore, SELinux needs a more robust policy
|
||||
structure upon which to build high-assurance solutions, such as intrusion
|
||||
detection systems (IDS), cross-domain solutions, etc., particularly for
|
||||
government and DoD security-critical missions.
|
||||
</p>
|
||||
<table border="1" cellspacing="0" cellpadding="3">
|
||||
<tr>
|
||||
<th class="title" colspan="3">Reference Policy Roadmap</th>
|
||||
</tr>
|
||||
|
||||
<P>
|
||||
Unfortunately, the current "strict" policy for SELinux does not meet the
|
||||
requirements of high security systems. The policy chooses functionality over
|
||||
security, with the implicit goal of not breaking legacy application behavior.
|
||||
Additionally, it has no clear security goals and those that exist are not
|
||||
rigorously followed or are ignored to preserve functionality. Furthermore,
|
||||
complexity is increasing in the policy and the situation is not improving.
|
||||
</p>
|
||||
<tr>
|
||||
<td class="header">Version</td><td class="header">Date</td><td class="header">Description</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td>0.1</td><td>June 14, 2005</td><td>Initial public release, basic policy restructuring, minimal modules</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>0.2</td><td>July 2005</td><td>Restructuring complete, additional modules, improved infrastructure, and incorporated community feedback</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>0.3</td><td>August 2005</td><td>Additional modules, basic role infrastructure, and tested loadable module support</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>0.4</td><td>September 2005</td><td>Additional modules and complete role infrastructure and role separation</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>0.5</td><td>October 2005</td><td>Additional modules, targeted policy, and tested MLS support</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>0.6</td><td>December 2005</td><td>Additional modules and module variations</td>
|
||||
</tr>
|
||||
|
@ -1,7 +1,7 @@
|
||||
<a href="index.php">Home</a><br />
|
||||
<a href="documentation.html">Documentation</a> - <br />
|
||||
<a href="status.html">Status</a> - <br />
|
||||
<a href="contributing.html">Contributing</a> - <br />
|
||||
<a href="index.php">Reference Policy</a><br />
|
||||
<a href="index.php?page=documentation">Documentation</a> - <br />
|
||||
<a href="index.php?page=status">Status</a> - <br />
|
||||
<a href="index.php?page=contributing">Contributing</a> - <br />
|
||||
<a href="http://sourceforge.net/project/showfiles.php?group_id=???">Download</a> - <br />
|
||||
<a href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=???&type=1" w
|
||||
idth="88" height="31" border="0" alt="SourceForge.net Logo" /></A>
|
||||
|
@ -0,0 +1,5 @@
|
||||
<h1>Status</h1>
|
||||
<h2>Version .1</h2>
|
||||
<p>
|
||||
Version .1 of refpolicy was released on June 14, 2005. See <a href="index.php?page=download">download</a> for download information. This release focused on infrastructure, organization, and initial design rather than comprehensive policy coverage or security improvements.
|
||||
</p>
|
@ -9,7 +9,7 @@
|
||||
|
||||
require_once (SMARTY_DIR."Smarty.class.php");
|
||||
$smarty = new Smarty;
|
||||
$smarty->compile_dir = "/home/groups/s/se/sepolicy-server/t_c";
|
||||
$smarty->compile_dir = "/home/groups/s/se/serefpolicy/t_c";
|
||||
$smarty->template_dir = "$fixpath/html";
|
||||
|
||||
$smarty->assign("border", "0");
|
||||
|
@ -13,19 +13,50 @@ h1 {
|
||||
font-weight:900;
|
||||
color:#ccc;
|
||||
}
|
||||
h2 {
|
||||
font-size:100%;
|
||||
}
|
||||
h3 {
|
||||
font-size:75%;
|
||||
}
|
||||
h4 {
|
||||
font-size:67%;
|
||||
}
|
||||
li {
|
||||
font:11px/20px verdana, arial, helvetica, sans-serif;
|
||||
margin:0px 0px 0px 0px;
|
||||
padding:0px;
|
||||
}
|
||||
p {
|
||||
/* normal */
|
||||
font:11px/20px verdana, arial, helvetica, sans-serif;
|
||||
margin:0px 0px 16px 0px;
|
||||
padding:0px;
|
||||
}
|
||||
|
||||
tt {
|
||||
/* inline code */
|
||||
font-family: monospace;
|
||||
}
|
||||
|
||||
table {
|
||||
background-color: white;
|
||||
color: black;
|
||||
text-align: left;
|
||||
font:11px/20px verdana, arial, helvetica, sans-serif;
|
||||
margin-left: 10%;
|
||||
margin-right: 10%;
|
||||
}
|
||||
|
||||
th {
|
||||
background-color: #ccccff;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
td.header {
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
#Content>p {margin:0px;}
|
||||
#Content>p+p {text-indent:30px;}
|
||||
a {
|
||||
@ -57,6 +88,25 @@ pre {
|
||||
text-decoration:none;
|
||||
font-family:courier;
|
||||
}
|
||||
pre.codeblock {
|
||||
/* code block (bordered, slight gray background) */
|
||||
border-style:solid;
|
||||
border-color:black;
|
||||
border-width:1px 1px 1px 1px;
|
||||
background-color:#f8f8f8;
|
||||
margin-left: 10%;
|
||||
margin-right: 10%;
|
||||
}
|
||||
dl {
|
||||
/* definition text block */
|
||||
font:11px/20px verdana, arial, helvetica, sans-serif;
|
||||
margin:0px 0px 16px 0px;
|
||||
padding:0px;
|
||||
}
|
||||
dt {
|
||||
/* definition term */
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
#Header {
|
||||
margin:50px 0px 10px 0px;
|
||||
@ -83,7 +133,7 @@ body>#Header {height:14px;}
|
||||
position:absolute;
|
||||
top:100px;
|
||||
left:20px;
|
||||
width:152px;
|
||||
width:162px;
|
||||
padding:10px;
|
||||
background-color:#eee;
|
||||
border:1px dashed #999;
|
||||
@ -91,6 +141,6 @@ body>#Header {height:14px;}
|
||||
text-align:right;
|
||||
voice-family: "\"}\"";
|
||||
voice-family:inherit;
|
||||
width:150px;
|
||||
width:160px;
|
||||
}
|
||||
body>#Menu {width:150px;}
|
||||
body>#Menu {width:160px;}
|
||||
|
Loading…
Reference in New Issue
Block a user