Status

Current Version: 20050907

Karl MacMillan

9f945b

Chris PeBenito

2dda6a

	See download for download

Chris PeBenito

698a4a

	information. Details of this release are part of the changelog.

Chris PeBenito

	This release focused on addition of policies from the NSA example

Chris PeBenito

	policy.  Currently both strict and targeted policies can be

Chris PeBenito

698a4a

	built.  MLS policies can be built, but the policy has not been tested

Chris PeBenito

698a4a

	on running systems.

Chris PeBenito

2dda6a

Chris PeBenito

Chris PeBenito

Status and Tasks

Karl MacMillan

1c5008

Chris PeBenito

Karl MacMillan

1c5008

	Reference Policy Status

Karl MacMillan

Karl MacMillan

Karl MacMillan

Karl MacMillan

	Task/ComponentStatusDescription

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Policy Structure

Chris PeBenito

		Complete

Chris PeBenito

		The policy is converted over to new Reference Policy structure

Chris PeBenito

Chris PeBenito

Chris PeBenito

		TE Policy

Chris PeBenito

		Conversion Ongoing

Chris PeBenito

		Conversion of old policy to Reference Policy modules is ongoing

Karl MacMillan

44772e

Chris PeBenito

Chris PeBenito

		Loadable Policy Modules

Chris PeBenito

		Major improvements

Chris PeBenito

		Infrastructure is in place to support both source policy and

Chris PeBenito

c2ecf0

			loadable policy modules.  Makefile support completed.

Chris PeBenito

Karl MacMillan

44772e

Chris PeBenito

		Documentation Infrastructure

Chris PeBenito

		Interfaces, templates, Booleans, and tunables complete

Chris PeBenito

		Tools to create webpages from the module interface and

Chris PeBenito

			template documentation is complete. Global Booleans and

Chris PeBenito

			tunables are supported. Booleans and tunables local to

Chris PeBenito

			policies are planned.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Policy Documentation

Chris PeBenito

		Ongoing

Chris PeBenito

		Most modules are documented.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Unused Modules

Chris PeBenito

		Complete

Chris PeBenito

		Modules can be disabled by using modules.conf.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		MLS Infrastructure

Chris PeBenito

		Minor improvements

Chris PeBenito

		MLS infrastructure added to support easy conversion between

Chris PeBenito

			MLS and non-MLS policy.  Policy is compilable, but

Chris PeBenito

			untested. Need further investigations to ensure

Chris PeBenito

			the levels in the policy are correct.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Network Infrastructure

Chris PeBenito

		Minor improvements

Chris PeBenito

		All network ports, nodes, and interfaces moved to

Chris PeBenito

			corenetwork module, interfaces generated automatically.

Chris PeBenito

			Plan to add more infrastructure for configuration of

Chris PeBenito

			ports, nodes, and interfaces.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		User domains and roles

Chris PeBenito

		Minor improvements

Chris PeBenito

		Some infrastructure added to support per-user domain policy,

Chris PeBenito

			e.g., to create types and policy for ssh,

Chris PeBenito

			for each user.  Plan to add infrastructure to easily

Chris PeBenito

			configure userdomains and roles.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Labeling

Chris PeBenito

		Minor improvements

Chris PeBenito

		All labeling moved to modules, consistent with Reference

Chris PeBenito

			Policy structure. Levels can be added to the labels

Chris PeBenito

			without changes to the policy.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Tunables

Chris PeBenito

		Minor improvements

Chris PeBenito

		Tunables are documented and included in the webpage policy

Chris PeBenito

			documentation.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Users

Chris PeBenito

		Unchanged

Chris PeBenito

		Assignment of users to roles.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Constraints

Chris PeBenito

		Unchanged

Chris PeBenito

		Plan to split up into relevant modules when loadable modules

Chris PeBenito

			support this.  There are ordering problems with source

Chris PeBenito

			policies.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Flask

Chris PeBenito

		Unchanged

Chris PeBenito

		Headers for the policy, describing object classes, and

Chris PeBenito

			their permissions.  No planned changes.

Chris PeBenito

Chris PeBenito

Chris PeBenito

		Genhomedircon

Chris PeBenito

		Unchanged

Chris PeBenito

		Tool to properly label users' home directories.

Chris PeBenito

			No planned changes

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Roadmap

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Reference Policy Roadmap

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Version

Chris PeBenito

      Date

Chris PeBenito

      Description

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.1

Chris PeBenito

      June 2005

Chris PeBenito

      Initial public release, basic policy restructuring, some infrastructure, few modules, and minimal documentation.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.2

Chris PeBenito

      July 2005

Chris PeBenito

      Restructuring complete, additional modules, and improved infrastructure.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.3

Chris PeBenito

      August 2005

Chris PeBenito

      Additional modules, documentation, and base module configuration support.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.4

Chris PeBenito

      September 2005

Chris PeBenito

      Additional modules, documentation, and tested loadable module support.

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.5

Chris PeBenito

      October 2005

Chris PeBenito

      Additional modules, documentation, targeted policy, and tested MLS support

Chris PeBenito

Chris PeBenito

Chris PeBenito

0.6

Chris PeBenito

      December 2005

Chris PeBenito

      Additional modules, documentation, and module variations

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Policy Conversion

Chris PeBenito

1fe082

Chris PeBenito

1fe082

This phase of reference policy development involves the conversion of policies

Chris PeBenito

from the example strict policy.  We are updating the baseline to NSA CVS.

Chris PeBenito

Modules that are in the targeted policy are the first priority, and modules

Chris PeBenito

in the strict policy, but not targeted are second priority.

Chris PeBenito

For those who wish to contribute, here is a listing of modules which need to be

Chris PeBenito

converted:

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Policy Module Status

Chris PeBenito

Chris PeBenito

Chris PeBenito

      Module Name

Chris PeBenito

      Previous Policy Files

Chris PeBenito

      Assigned To

Chris PeBenito

Chris PeBenito

Chris PeBenito

      amanda *+

Chris PeBenito

      amanda.te amanda.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      anaconda *+

Chris PeBenito

      anaconda.te anaconda.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      amavis

Chris PeBenito

      amavis.te amavis.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      apache *+

Chris PeBenito

      apache.te apache.fc apache_macros.te

Chris PeBenito

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      arpwatch *+

Chris PeBenito

      arpwatch.te arpwatch.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      asterisk

Chris PeBenito

      asterisk.te asterisk.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      audio-entropy

Chris PeBenito

      audio-entropyd.te audio-entropyd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      authbind

Chris PeBenito

      authbind.te authbind.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      automount +

Chris PeBenito

      automount.te automount.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      backup

Chris PeBenito

      backup.te backup.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      bluetooth *+

Chris PeBenito

      bluetooth.te bluetooth.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      bonobo +

Chris PeBenito

      bonobo.te bonobo.fc bonobo_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      browser +

Chris PeBenito

      mozilla.te mozilla.fc mozilla_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      calamaris

Chris PeBenito

      calabaris.te calamaris.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      cdrecord +

Chris PeBenito

      cdrecord.te cdrecord.fc cdrecord_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      certwatch +

Chris PeBenito

      certwatch.te certwatch.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      cipe

Chris PeBenito

      ciped.te ciped.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      clamav

Chris PeBenito

      clamav.te clamav.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      courier

Chris PeBenito

      courier.te courier.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      cvs *+

Chris PeBenito

      cvs.te cvs.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      cyrus *+

Chris PeBenito

      cyrus.te cyrus.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      daemontools

Chris PeBenito

      daemontools.te daemontools.fc daemontools_macros.te

Chris PeBenito

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dante

Chris PeBenito

      dante.te dante.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

dcc

Chris PeBenito

      dcc.te dcc.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ddclient

Chris PeBenito

      ddclient.te ddclient.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ddcprobe +

Chris PeBenito

      ddcprobe.te ddcprobe.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      distcc

Chris PeBenito

      distcc.te distcc.fc

Chris PeBenito

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      djbdns

Chris PeBenito

      djbdns.te djbdns.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dmidecode *+

Chris PeBenito

      dmidecode.te dmidecode.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dnsmasq

Chris PeBenito

      dnsmasq.te dnsmasq.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dpkg

Chris PeBenito

      dpkg.te dpkg.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      dovecot *+

Chris PeBenito

      dovecot.te dovecot.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ethereal +

Chris PeBenito

      ethereal.te ethereal.fc ethereal_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      evolution +

Chris PeBenito

      evolution.te evolution.fc evolution_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      fetchmail +

Chris PeBenito

      fetchmail.te fetchmail.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      finger *+

Chris PeBenito

      fingerd.te fingerd.fc fingerd_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      fontconfig +

Chris PeBenito

      fontconfig.te fontconfig.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ftp *+

Chris PeBenito

      ftpd.te ftpd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gatekeeper

Chris PeBenito

      gatekeeper.te gatekeeper.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gconf +

Chris PeBenito

      gconf.te gconf.fc gconf_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      games +

Chris PeBenito

      games.te games.fc games_domain.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gift

Chris PeBenito

      gift.te gift.fc gift_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      gnome +

Chris PeBenito

      gnome.te gnome.fc gnome_macros.te gnome_vfs.te gnome_vfs.fc gnome_vfs_macros.te gnome-pty-helper.te gnome-pty-helper.fc gph_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      iceauth +

Chris PeBenito

      iceauth.te iceauth.fc iceauth_macros ice_macros.te(?)

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      imazesrv

Chris PeBenito

      imazesrv.te imazesrv.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      irc +

Chris PeBenito

      irc.te irc.fc irc_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ircd

Chris PeBenito

      ircd.te ircd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      irqbalance +

Chris PeBenito

      irqbalance.te irqbalance.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      jabber

Chris PeBenito

      jabberd.te jabberd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      java +

Chris PeBenito

      java.te java.fc java_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      kudzu *+

Chris PeBenito

      kudzu.te kudzu.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

lcd

Chris PeBenito

      lcd.te lcd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      lockdev +

Chris PeBenito

      lockdev.te lockdev.fc lockdev_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

lrr

Chris PeBenito

      lrrd.te lrrd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      mailman *+

Chris PeBenito

      mailman.te mailman.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      monop

Chris PeBenito

      monopd.te monopd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      mplayer +

Chris PeBenito

      mplayer.te mplayer.fc mplayer_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      mrtg +

Chris PeBenito

      mrtg.te mrtg.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      nagios

Chris PeBenito

      nagios.te nagios.fc nrpe.te nrpe.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      nessus

Chris PeBenito

      nessusd.te nessusd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      networkmanager *+

Chris PeBenito

      NetworkManager.te NetworkManager.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

nsd

Chris PeBenito

      nsd.te nsd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

nx

Chris PeBenito

      nx_server.te nx_server.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      oav-update

Chris PeBenito

      oav-update.te oav-update.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      openca

Chris PeBenito

      openca-ca.te openca-ca.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      openct +

Chris PeBenito

      openct.te openct.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      orbit +

Chris PeBenito

      orbit.te orbit.fc orbit_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      perdition

Chris PeBenito

      perdition.te perdition.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      portslave

Chris PeBenito

      portslave.te portslave.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      postfix +

Chris PeBenito

      postfix.te postfix.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ppp *+

Chris PeBenito

      pppd.te pppd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      prelink +

Chris PeBenito

      prelink.te prelink.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      print *+

Chris PeBenito

      cups.te cups.fc lpd.te lpd.fc lpr_macros.te

Chris PeBenito

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      procmail +

Chris PeBenito

      procmail.te procmail.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      publicfile

Chris PeBenito

      publicfile.te publicfile.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

pxe

Chris PeBenito

      pxe.te pxe.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      pyzor

Chris PeBenito

      pyzor.te pyzor.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      radius *+

Chris PeBenito

      radius.te radius.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      radvd *+

Chris PeBenito

      radvd.te radvd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      razor

Chris PeBenito

      razor.te razor.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      rdisc

Chris PeBenito

      rdisc.te rdisc.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      resmgr

Chris PeBenito

      resmgrd.te resmgrd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      rlogin *+

Chris PeBenito

      rlogind.te rlogind.fc login_macros.te

Chris PeBenito

      Tresys

Chris PeBenito

Chris PeBenito

Chris PeBenito

      rpc *+

Chris PeBenito

      rpcd.te rpcd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      rssh

Chris PeBenito

      rssh.te rssh.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sasl *+

Chris PeBenito

      saslauthd.te saslauthd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      scannerdaemon

Chris PeBenito

      scannerdaemon.te scannerdaemon.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      screen +

Chris PeBenito

      screen.te screen.fc screen_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      slocate +

Chris PeBenito

      slocate.te slocate.fc slocate_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      slrnpull +

Chris PeBenito

      slrnpull.te slrnpull.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      snort

Chris PeBenito

      snort.te snort.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sound +

Chris PeBenito

      alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      spamassassin +

Chris PeBenito

      spamassassin.te spamc.te spamd.te spamassassin.fc spamc.fc spamd.fc spamassassin_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      speedtouch

Chris PeBenito

      speedmgmt.te speedmgmt.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      stunnel *+

Chris PeBenito

      stunnel.te stunnel.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sxid

Chris PeBenito

      sxid.te sxid.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      sysstat +

Chris PeBenito

      sysstat.te sysstat.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      telnet *+

Chris PeBenito

      telnetd.te telnetd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      thunderbird +

Chris PeBenito

      thunderbird.te thunderbird.fc thunderbird_macros.te mail_client_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      timidity +

Chris PeBenito

      timidity.te timidity.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      tinydns

Chris PeBenito

      tinydns.te tinydns.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      transproxy

Chris PeBenito

      transproxy.te transproxy.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      tripwire

Chris PeBenito

      tripwire.te tripwire.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      tvtime +

Chris PeBenito

      tvtime.te tvtime.fc tvtime_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      ucspi-tcp

Chris PeBenito

      ucspi-tcp.te ucspi-tcp.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uml +

Chris PeBenito

      uml.te uml.fc uml_macros.te uml_net.te uml_net.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uptimed

Chris PeBenito

      uptimed.te uptimed.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      userhelper +

Chris PeBenito

      userhelper.te userhelper.fc userhelper_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      usernetctl +

Chris PeBenito

      usernetctl.te usernetctl.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uucp *+

Chris PeBenito

      uucpd.te uucpd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      uwimap

Chris PeBenito

      uwimapd.te uwimapd.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      vmware +

Chris PeBenito

      vmware.te vmware.fc vmware_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      vpn +

Chris PeBenito

      vpnc.te vpnc.fc openvpn.te openvpn.fc/td>

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      watchdog

Chris PeBenito

      watchdog.te watchdog.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      webalizer *+

Chris PeBenito

      webalizer.te webalizer.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      winbind *+

Chris PeBenito

      winbind.te winbind.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      xdm *+

Chris PeBenito

      xdm.te xdm.fc xdm_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      xfs +

Chris PeBenito

      xfs.te xfs.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      xprint

Chris PeBenito

      xprint.te xprint.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      xserver +

Chris PeBenito

      xserver.te xserver.fc xserver_macros.te xauth.te xauth.fc xauth_macros.te

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

yam

Chris PeBenito

      yam.te yam.fc

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

      (*) Modules in the Fedora targeted policy

Chris PeBenito

Chris PeBenito

Chris PeBenito

      (+) Modules in the Fedora strict policy

Chris PeBenito

Chris PeBenito

Chris PeBenito

Chris PeBenito

Testing Status

Chris PeBenito

Chris PeBenito

b3e0af

The policy as successfully been booted and can run with a Fedora Core 4

Chris PeBenito

fd637c

installation, using a targeted Reference Policy.  See the

Chris PeBenito

fd637c

switching guide to switch a Fedora system

Chris PeBenito

fd637c

over to targeted Reference policy configuration.

Chris PeBenito

A very minimal RedHat Enterprise Linux 4 system with the following RPMs has

Chris PeBenito

can be successfully booted in enforcing mode, and users can log in locally,

Chris PeBenito

c2ecf0

with a strict Reference Policy:

Chris PeBenito

Chris PeBenito

Chris PeBenito

libgcc-3.4.3-9.EL4

Chris PeBenito

rootfiles-8-1

Chris PeBenito

filesystem-2.3.0-1

Chris PeBenito

termcap-5.4-3

Chris PeBenito

glibc-common-2.3.4-2

Chris PeBenito

bzip2-libs-1.0.2-13

Chris PeBenito

device-mapper-1.00.19-2

Chris PeBenito

elfutils-libelf-0.97-5

Chris PeBenito

expat-1.95.7-4

Chris PeBenito

glib2-2.4.7-1

Chris PeBenito

libattr-2.4.16-3

Chris PeBenito

libcap-1.10-20

Chris PeBenito

libsepol-1.1.1-2

Chris PeBenito

db4-4.2.52-7.1

Chris PeBenito

libtermcap-2.0.8-39

Chris PeBenito

mktemp-1.5-20

Chris PeBenito

iproute-2.6.9-3

Chris PeBenito

less-382-4

Chris PeBenito

pcre-4.5-3

Chris PeBenito

usbutils-0.11-6.1

Chris PeBenito

vim-minimal-6.3.046-0.40E.4

Chris PeBenito

info-4.7-5

Chris PeBenito

diffutils-2.8.1-12

Chris PeBenito

gawk-3.1.3-10.1

Chris PeBenito

coreutils-5.2.1-31

Chris PeBenito

gzip-1.3.3-13

Chris PeBenito

module-init-tools-3.1-0.pre5.3

Chris PeBenito

procps-3.2.3-7EL

Chris PeBenito

sed-4.1.2-4

Chris PeBenito

MAKEDEV-3.15-2

Chris PeBenito

sysklogd-1.4.1-26_EL

Chris PeBenito

cracklib-2.7-29

Chris PeBenito

pam-0.77-65.1

Chris PeBenito

SysVinit-2.85-34

Chris PeBenito

lvm2-2.00.31-1.0.RHEL4

Chris PeBenito

kernel-2.6.9-5.0.5.EL

Chris PeBenito

libuser-0.52.5-1

Chris PeBenito

crontabs-1.10-7

Chris PeBenito

tmpwatch-2.9.1-1

Chris PeBenito

m4-1.4.1-16

Chris PeBenito

mgetty-1.1.31-2

Chris PeBenito

time-1.7-25

Chris PeBenito

dhclient-3.0.1-12_EL

Chris PeBenito

samhain-2.0.6-1

Chris PeBenito

hwdata-0.146.1.EL-1

Chris PeBenito

redhat-logos-1.1.25-1

Chris PeBenito

setup-2.5.37-1.1

Chris PeBenito

basesystem-8.0-4

Chris PeBenito

tzdata-2004e-2

Chris PeBenito

glibc-2.3.4-2

Chris PeBenito

beecrypt-3.1.0-6

Chris PeBenito

chkconfig-1.3.11.2-1

Chris PeBenito

e2fsprogs-1.35-11.6.EL4

Chris PeBenito

ethtool-1.8-4

Chris PeBenito

gdbm-1.8.0-24

Chris PeBenito

iputils-20020927-16

Chris PeBenito

libacl-2.2.23-5

Chris PeBenito

libselinux-1.19.1-7

Chris PeBenito

libstdc++-3.4.3-9.EL4

Chris PeBenito

mingetty-1.07-3

Chris PeBenito

bash-3.0-19.2

Chris PeBenito

ncurses-5.4-13

Chris PeBenito

net-tools-1.60-37

Chris PeBenito

popt-1.9.1-7_nonptl

Chris PeBenito

redhat-release-4AS-2

Chris PeBenito

hotplug-2004_04_01-7.2

Chris PeBenito

zlib-1.2.1.2-1

Chris PeBenito

cpio-2.5-7.EL4.1

Chris PeBenito

findutils-4.1.20-7

Chris PeBenito

grep-2.5.1-31

Chris PeBenito

grub-0.95-3.1

Chris PeBenito

readline-4.3-13

Chris PeBenito

rpm-libs-4.3.3-7_nonptl

Chris PeBenito

shadow-utils-4.0.3-41.1

Chris PeBenito

rpm-4.3.3-7_nonptl

Chris PeBenito

tar-1.14-4

Chris PeBenito

cracklib-dicts-2.7-29

Chris PeBenito

policycoreutils-1.18.1-4

Chris PeBenito

util-linux-2.12a-16.EL4.6

Chris PeBenito

udev-039-10.8.EL4

Chris PeBenito

initscripts-7.93.11.EL-1

Chris PeBenito

mkinitrd-4.1.18-2

Chris PeBenito

passwd-0.68-10

Chris PeBenito

bzip2-1.0.2-13

Chris PeBenito

logrotate-3.7.1-2

Chris PeBenito

libxml2-2.6.16-6

Chris PeBenito

make-3.80-5

Chris PeBenito

iptables-1.2.11-3.1.RHEL4

Chris PeBenito

vixie-cron-4.1-20_EL

Chris PeBenito

comps-4AS-0.20050107

Chris PeBenito