Status

Current Version: 20060307

Chris PeBenito

Chris PeBenito

	See download for download

Chris PeBenito

	information. Details of this release are part of the changelog.

Chris PeBenito

	This release focused on improving the consistency of interface names

Chris PeBenito

	in an effort to stabilize the Reference Policy interfaces.

Chris PeBenito

	Currently both strict and targeted policies can

Chris PeBenito

26deab

	be built.  MLS policies can be built, but the policy is still undergoing

Chris PeBenito

26deab

	testing on running systems.

Chris PeBenito

Chris PeBenito

Chris PeBenito

Status and Tasks

Karl MacMillan

1c5008

Chris PeBenito

Karl MacMillan

1c5008

	Reference Policy Status

Karl MacMillan

Karl MacMillan

Karl MacMillan

Karl MacMillan

	Task/ComponentStatusDescription

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Policy Structure

Chris PeBenito

		Complete

Chris PeBenito

		The policy is converted over to new Reference Policy structure

Chris PeBenito

Chris PeBenito

Chris PeBenito

		TE Policy

Chris PeBenito

		Conversion Ongoing

Chris PeBenito

		Conversion of old policy to Reference Policy modules is ongoing

Karl MacMillan

44772e

Chris PeBenito

Chris PeBenito

		Loadable Policy Modules

Chris PeBenito

		Major improvements

Chris PeBenito

		Infrastructure is in place to support both source policy and

Chris PeBenito

			loadable policy modules.  Makefile support completed.

Chris PeBenito

Karl MacMillan

44772e

Chris PeBenito

		Documentation Infrastructure

Chris PeBenito

		Interfaces, templates, Booleans, and tunables complete

Chris PeBenito

		Tools to create webpages from the module interface and

Chris PeBenito

			template documentation is complete. Global Booleans and

Chris PeBenito

			tunables are supported. Booleans and tunables local to

Chris PeBenito

			policies are planned.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Policy Documentation

Chris PeBenito

		Ongoing

Chris PeBenito

		Most modules are documented.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Unused Modules

Chris PeBenito

		Complete

Chris PeBenito

		Modules can be disabled by using modules.conf.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		MLS Infrastructure

Chris PeBenito

		Minor improvements

Chris PeBenito

		MLS infrastructure added to support easy conversion between

Chris PeBenito

			MLS and non-MLS policy.  Policy is compilable, but

Chris PeBenito

			only lightly tested.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		MCS Support

Chris PeBenito

		Minor improvements

Chris PeBenito

		MLS infrastructure has been extended to support MCS

Chris PeBenito

			categories in users and all contexts.  MCS constraints

Chris PeBenito

			have been added.  Policy has been tested in the

Chris PeBenito

			targeted-mcs policy configuration.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Network Infrastructure

Chris PeBenito

		Minor improvements

Chris PeBenito

		All network ports, nodes, and interfaces moved to

Chris PeBenito

			corenetwork module, interfaces generated automatically.

Chris PeBenito

			Plan to add more infrastructure for configuration of

Chris PeBenito

			ports, nodes, and interfaces.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		User domains and roles

Chris PeBenito

		Minor improvements

Chris PeBenito

		Some infrastructure added to support per-user domain policy,

Chris PeBenito

			e.g., to create types and policy for ssh,

Chris PeBenito

			for each user.  Plan to add infrastructure to easily

Chris PeBenito

			configure userdomains and roles.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Labeling

Chris PeBenito

		Minor improvements

Chris PeBenito

		All labeling moved to modules, consistent with Reference

Chris PeBenito

			Policy structure. Levels can be added to the labels

Chris PeBenito

			without changes to the policy.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Tunables

Chris PeBenito

		Minor improvements

Chris PeBenito

		Tunables are documented and included in the webpage policy

Chris PeBenito

			documentation.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Users

Chris PeBenito

		Unchanged

Chris PeBenito

		Assignment of users to roles.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Constraints

Chris PeBenito

		Unchanged

Chris PeBenito

		Plan to split up into relevant modules when loadable modules

Chris PeBenito

			support this.  There are ordering problems with source

Chris PeBenito

			policies.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Flask

Chris PeBenito

		Unchanged

Chris PeBenito

		Headers for the policy, describing object classes, and

Chris PeBenito

			their permissions.  No planned changes.

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Roadmap

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Reference Policy Roadmap

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Version

Chris PeBenito

      Date

Chris PeBenito

      Description

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.1

Chris PeBenito

      June 2005

Chris PeBenito

      Initial public release, basic policy restructuring, some infrastructure, few modules, and minimal documentation.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.2

Chris PeBenito

      July 2005

Chris PeBenito

      Restructuring complete, additional modules, and improved infrastructure.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.3

Chris PeBenito

      August 2005

Chris PeBenito

      Additional modules, documentation, and base module configuration support.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.4

Chris PeBenito

      September 2005

Chris PeBenito

      Additional modules, documentation, and tested loadable module support.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.5

Chris PeBenito

      October 2005

Chris PeBenito

      Additional modules, documentation, targeted policy, and tested MLS support

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.6

Chris PeBenito

      December 2005

Chris PeBenito

      Additional modules, documentation, and module variations

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

-->

Chris PeBenito

1fe082

Policy Conversion

Chris PeBenito

1fe082

Chris PeBenito

1fe082

This phase of reference policy development involves the conversion of policies

Chris PeBenito

18fa7a

from the example policy.  Please use the current NSA example policy

Chris PeBenito

in

Chris PeBenito

NSA SourceForge CVS.

Chris PeBenito

For those who wish to contribute, here is a listing of modules which need to be

Chris PeBenito

converted:

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Policy Module Status

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Module Name

Chris PeBenito

      Previous Policy Files

Chris PeBenito

      Assigned To

Chris PeBenito

Chris PeBenito

Chris PeBenito

      asterisk

Chris PeBenito

      asterisk.te asterisk.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      authbind

Chris PeBenito

      authbind.te authbind.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      backup

Chris PeBenito

      backup.te backup.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      courier

Chris PeBenito

      courier.te courier.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

dcc

Chris PeBenito

      dcc.te dcc.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ddclient

Chris PeBenito

      ddclient.te ddclient.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dnsmasq

Chris PeBenito

      dnsmasq.te dnsmasq.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      fontconfig *

Chris PeBenito

18fa7a

      fontconfig.te fontconfig.fc fontconfig_macros.te

Chris PeBenito

6a0b25

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gatekeeper

Chris PeBenito

      gatekeeper.te gatekeeper.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gift

Chris PeBenito

      gift.te gift.fc gift_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gnome *

Chris PeBenito

18fa7a

      gnome.te gnome.fc gnome_macros.te gnome_vfs.te gnome_vfs.fc gnome_vfs_macros.te gnome-pty-helper.te gnome-pty-helper.fc gph_macros.te bonobo.te bonobo.fc bonobo_macros.te gconf.te gconf.fc gconf_macros.te orbit.te orbit.fc orbit_macros.te

Chris PeBenito

6a0b25

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      imazesrv

Chris PeBenito

      imazesrv.te imazesrv.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ircd

Chris PeBenito

      ircd.te ircd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      jabber

Chris PeBenito

      jabberd.te jabberd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

lcd

Chris PeBenito

      lcd.te lcd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

lrr

Chris PeBenito

      lrrd.te lrrd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      monop

Chris PeBenito

      monopd.te monopd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

nsd

Chris PeBenito

      nsd.te nsd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

nx

Chris PeBenito

      nx_server.te nx_server.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      oav-update

Chris PeBenito

      oav-update.te oav-update.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      openca

Chris PeBenito

      openca-ca.te openca-ca.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      perdition

Chris PeBenito

      perdition.te perdition.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      portslave

Chris PeBenito

      portslave.te portslave.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      pyzor

Chris PeBenito

7bdc0b

      pyzor.te pyzor.fc pyzor_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      razor

Chris PeBenito

7bdc0b

      razor.te razor.fc razor_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      resmgr

Chris PeBenito

      resmgrd.te resmgrd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      rssh

Chris PeBenito

7bdc0b

      rssh.te rssh.fc rssh_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      scannerdaemon

Chris PeBenito

      scannerdaemon.te scannerdaemon.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sound-server

Chris PeBenito

26deab

      sound-server.te sound-server.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      speedtouch

Chris PeBenito

      speedmgmt.te speedmgmt.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sxid

Chris PeBenito

      sxid.te sxid.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      transproxy

Chris PeBenito

      transproxy.te transproxy.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      tripwire

Chris PeBenito

      tripwire.te tripwire.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uptimed

Chris PeBenito

      uptimed.te uptimed.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uwimap

Chris PeBenito

      uwimapd.te uwimapd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      vmware *

Chris PeBenito

      vmware.te vmware.fc vmware_macros.te

Chris PeBenito

6a0b25

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      watchdog

Chris PeBenito

      watchdog.te watchdog.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      xprint

Chris PeBenito

      xprint.te xprint.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

yam

Chris PeBenito

      yam.te yam.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      (*) Modules in the Fedora strict policy

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Testing Status

Chris PeBenito

fe51b3

Chris PeBenito