|
Karl MacMillan |
9f945b |
Status
|
|
Chris PeBenito |
3d6520 |
Current Version: 20060307
|
|
Chris PeBenito |
67b899 |
|
|
Chris PeBenito |
67b899 |
See download for download
|
|
Chris PeBenito |
67b899 |
information. Details of this release are part of the changelog.
|
|
Chris PeBenito |
3d6520 |
This release focused on improving the consistency of interface names
|
|
Chris PeBenito |
3d6520 |
in an effort to stabilize the Reference Policy interfaces.
|
|
Chris PeBenito |
3d6520 |
Currently both strict and targeted policies can
|
|
Chris PeBenito |
26deab |
be built. MLS policies can be built, but the policy is still undergoing
|
|
Chris PeBenito |
26deab |
testing on running systems.
|
|
Chris PeBenito |
67b899 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
Status and Tasks
|
|
Karl MacMillan |
1c5008 |
|
|
Chris PeBenito |
faf0db |
|
|
Karl MacMillan |
1c5008 |
Reference Policy Status
|
|
Karl MacMillan |
1c5008 |
|
|
Karl MacMillan |
1c5008 |
|
|
Karl MacMillan |
1c5008 |
|
|
Karl MacMillan |
1c5008 |
Task/Component, Status, Description
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Policy Structure
|
|
Chris PeBenito |
faf0db |
Complete
|
|
Chris PeBenito |
faf0db |
The policy has been converted to the new Reference Policy structure.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
TE Policy
|
|
Chris PeBenito |
faf0db |
Conversion Ongoing
|
|
Chris PeBenito |
faf0db |
Conversion of old policy to Reference Policy modules is ongoing.
|
|
Karl MacMillan |
44772e |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Loadable Policy Modules
|
|
Chris PeBenito |
faf0db |
Major improvements
|
|
Chris PeBenito |
faf0db |
Infrastructure is in place to support both source policy and
|
|
Chris PeBenito |
3d6520 |
loadable policy modules. Makefile support completed.
|
|
Chris PeBenito |
faf0db |
|
|
Karl MacMillan |
44772e |
|
|
Chris PeBenito |
faf0db |
Documentation Infrastructure
|
|
Chris PeBenito |
e376ad |
Interfaces, templates, Booleans, and tunables complete
|
|
Chris PeBenito |
e376ad |
Tools to create webpages from the module interface and
|
|
Chris PeBenito |
e376ad |
template documentation are complete. Global Booleans and
|
|
Chris PeBenito |
e376ad |
tunables are supported. Booleans and tunables local to
|
|
Chris PeBenito |
e376ad |
policies are planned.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Policy Documentation
|
|
Chris PeBenito |
faf0db |
Ongoing
|
|
Chris PeBenito |
e376ad |
Most modules are documented.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Unused Modules
|
|
Chris PeBenito |
faf0db |
Complete
|
|
Chris PeBenito |
faf0db |
Modules can be disabled by using modules.conf.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
MLS Infrastructure
|
|
Chris PeBenito |
faf0db |
Minor improvements
|
|
Chris PeBenito |
faf0db |
MLS infrastructure added to support easy conversion between
|
|
Chris PeBenito |
faf0db |
MLS and non-MLS policy. Policy is compilable, but
|
|
Chris PeBenito |
3d6520 |
only lightly tested.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
44a4c2 |
MCS Support
|
|
Chris PeBenito |
44a4c2 |
Minor improvements
|
|
Chris PeBenito |
44a4c2 |
MLS infrastructure has been extended to support MCS
|
|
Chris PeBenito |
44a4c2 |
categories in users and all contexts. MCS constraints
|
|
Chris PeBenito |
67b899 |
have been added. Policy has been tested in the
|
|
Chris PeBenito |
67b899 |
targeted-mcs policy configuration.
|
|
Chris PeBenito |
44a4c2 |
|
|
Chris PeBenito |
44a4c2 |
|
|
Chris PeBenito |
faf0db |
Network Infrastructure
|
|
Chris PeBenito |
faf0db |
Minor improvements
|
|
Chris PeBenito |
faf0db |
All network ports, nodes, and interfaces moved to
|
|
Chris PeBenito |
faf0db |
the corenetwork module; interfaces are generated automatically.
|
|
Chris PeBenito |
faf0db |
Plan to add more infrastructure for configuration of
|
|
Chris PeBenito |
faf0db |
ports, nodes, and interfaces.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
User domains and roles
|
|
Chris PeBenito |
faf0db |
Minor improvements
|
|
Chris PeBenito |
faf0db |
Some infrastructure added to support per-user domain policy,
|
|
Chris PeBenito |
faf0db |
e.g., to create types and policy for ssh,
|
|
Chris PeBenito |
faf0db |
for each user. Plan to add infrastructure to easily
|
|
Chris PeBenito |
faf0db |
configure userdomains and roles.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Labeling
|
|
Chris PeBenito |
faf0db |
Minor improvements
|
|
Chris PeBenito |
faf0db |
All labeling moved to modules, consistent with Reference
|
|
Chris PeBenito |
e376ad |
Policy structure. Levels can be added to the labels
|
|
Chris PeBenito |
e376ad |
without changes to the policy.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Tunables
|
|
Chris PeBenito |
faf0db |
Minor improvements
|
|
Chris PeBenito |
e376ad |
Tunables are documented and included in the webpage policy
|
|
Chris PeBenito |
e376ad |
documentation.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Users
|
|
Chris PeBenito |
faf0db |
Unchanged
|
|
Chris PeBenito |
e376ad |
Assignment of users to roles.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Constraints
|
|
Chris PeBenito |
faf0db |
Unchanged
|
|
Chris PeBenito |
e376ad |
Plan to split up into relevant modules when loadable modules
|
|
Chris PeBenito |
e376ad |
support this. There are ordering problems with source
|
|
Chris PeBenito |
e376ad |
policies.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
Flask
|
|
Chris PeBenito |
faf0db |
Unchanged
|
|
Chris PeBenito |
faf0db |
Headers for the policy, describing object classes and
|
|
Chris PeBenito |
e376ad |
their permissions. No planned changes.
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
faf0db |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
3d6520 |
|
|
Chris PeBenito |
d299d7 |
Roadmap
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
Reference Policy Roadmap
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
Version
|
|
Chris PeBenito |
d299d7 |
Date
|
|
Chris PeBenito |
d299d7 |
Description
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.1
|
|
Chris PeBenito |
d299d7 |
June 2005
|
|
Chris PeBenito |
d299d7 |
Initial public release, basic policy restructuring, some infrastructure, few modules, and minimal documentation.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.2
|
|
Chris PeBenito |
d299d7 |
July 2005
|
|
Chris PeBenito |
d299d7 |
Restructuring complete, additional modules, and improved infrastructure.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.3
|
|
Chris PeBenito |
d299d7 |
August 2005
|
|
Chris PeBenito |
d299d7 |
Additional modules, documentation, and base module configuration support.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.4
|
|
Chris PeBenito |
d299d7 |
September 2005
|
|
Chris PeBenito |
d299d7 |
Additional modules, documentation, and tested loadable module support.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.5
|
|
Chris PeBenito |
d299d7 |
October 2005
|
|
Chris PeBenito |
d299d7 |
Additional modules, documentation, targeted policy, and tested MLS support.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
0.6
|
|
Chris PeBenito |
d299d7 |
December 2005
|
|
Chris PeBenito |
d299d7 |
Additional modules, documentation, and module variations.
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
d299d7 |
|
|
Chris PeBenito |
3d6520 |
|
|
Chris PeBenito |
1fe082 |
Policy Conversion
|
|
Chris PeBenito |
1fe082 |
|
|
Chris PeBenito |
1fe082 |
This phase of reference policy development involves the conversion of policies
|
|
Chris PeBenito |
18fa7a |
from the example policy. Please use the current NSA example policy
|
|
Chris PeBenito |
44a4c2 |
in
|
|
Chris PeBenito |
44a4c2 |
NSA SourceForge CVS.
|
|
Chris PeBenito |
e24981 |
For those who wish to contribute, here is a listing of modules which need to be
|
|
Chris PeBenito |
e24981 |
converted:
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
Policy Module Status
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
Module Name
|
|
Chris PeBenito |
f5bf2e |
Previous Policy Files
|
|
Chris PeBenito |
f5bf2e |
Assigned To
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
9f8c87 |
gnome
|
|
Chris PeBenito |
18fa7a |
gnome.te gnome.fc gnome_macros.te gnome_vfs.te gnome_vfs.fc gnome_vfs_macros.te gnome-pty-helper.te gnome-pty-helper.fc gph_macros.te bonobo.te bonobo.fc bonobo_macros.te gconf.te gconf.fc gconf_macros.te orbit.te orbit.fc orbit_macros.te
|
|
Chris PeBenito |
6a0b25 |
Tresys
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
f5bf2e |
|
|
Chris PeBenito |
67b899 |
|
|
Chris PeBenito |
fe51b3 |
Testing Status
|
|
Chris PeBenito |
fe51b3 |
|
|
Chris PeBenito |
6aa357 |
Reference policy is used as the basis of all of the Fedora Core 5 policies.
|
|
Chris PeBenito |
fe51b3 |
|