Karl MacMillan 65a27e

Project Overview

Karl MacMillan 65a27e

Chris PeBenito 9a453f
The SELinux Reference Policy project (refpolicy) is creating a complete SELinux policy as an alternative to the existing strict and targeted policies available from http://selinux.sf.net. Once complete, this policy will be able to be used as the system policy for a variety of systems and used as the basis for creating other policies. Refpolicy is based on the current strict and targeted policies, but aims to accomplish many additional goals.
Karl MacMillan 9f945b

Karl MacMillan a585f3

Karl MacMillan a585f3

Chris PeBenito bd113c
Refpolicy is under active development, with support and full time development staff from Tresys Technology. The first release is available from the download page. This release is far from complete and is not usable as a drop in replacement for the existing policies. It is for interested policy developers and community members to examine and comment upon. The  status page has more details on what is included in the current release. This project is just getting started and we are looking for policy developers interested in contributing.
Karl MacMillan a585f3

Karl MacMillan 1c5008

Karl MacMillan a585f3

Project Goals

Karl MacMillan a585f3

Security

Karl MacMillan 1c5008

Security is the reason for existence for SELinux policies and must, therefore, always be the first priority. The common view of security as a binary state (secure or not secure) is not a sufficient goal for developing an SELinux policy. In reality, different systems have different requirements and purposes and corresponding differences in the meaning of secure. What is a fundamental security flaw on one system might be the acceptable, or even the primary functionality, of another. The challenge for a system policies like the current strict and targeted policy or refpolicy is to support as many of these differring security goals as is practical. To accomplish this refpolicy will provide:

Karl MacMillan a585f3

Karl MacMillan a585f3
Karl MacMillan a585f3
    Karl MacMillan a585f3
    	
  • Security Goals: clearly stated security goals will for each component of the policy. This will allow policy developers to determine if a given component meets their security needs.
  • Karl MacMillan a585f3
    	
  • Flexible Base Policy: a base policy that protects the basic operating system and serves as a foundation to the rest of the policy. This base policy should be able to support a variety of application policies with differing security goals.
  • Chris PeBenito 5fa782
    	
  • Application Policy Variations: application policy variations that make different security tradeoffs. For example, two Apache policies might be created. One that is for serving read-only, static content that is severely restricted and another that is appropriate for dynamic content.
  • Karl MacMillan a585f3
    	
  • Configuration Tools: configuration tools that allow the policy developer to make important security decisions including defining roles, configuring networking, and trading legacy compatibility for increased security.
  • Karl MacMillan a585f3
    	
  • Multi-Level Security: MLS will be supported out-of-the-box without requiring destructive changes to the policy. It will be possible to compile and MLS and non-MLS policy from the same policy files by switching a configuration option.
  • Karl MacMillan a585f3
    Karl MacMillan a585f3
    Karl MacMillan a585f3

    Usability and Documentation

    Karl MacMillan 1c5008

    Karl MacMillan 1c5008
    The difficulty and complexity of creating SELinux policies has become the number one barrier to the adoption of SELinux. It also potentially reduces the security of the policies: a policy that is too complex to easily understand is difficult to make secure. Refpolicy aims to make aggressive improvements in this area, making policies easier to develop, understand, and analyze. This will be addressed through improved structuring and organization, the addition of modularity and abstraction, and documentation. See getting started and documentation for more information.
    Karl MacMillan 1c5008

    Karl MacMillan 1c5008

    Flexibility and Configuration

    Karl MacMillan 1c5008

    Karl MacMillan 1c5008
    Refpolicy aims to support a variety of policy configurations and formats, including standard source policies, MLS policies, and
    Karl MacMillan 1c5008
    loadable policy modules all from the same source tree. This is done through the addition of infrastructure for automatically handling the differences between source and loadable module based policies and the additional MLS fields to all policy statements that include contexts.
    Karl MacMillan 1c5008

    Karl MacMillan a585f3