This phase of reference policy development involves the conversion of policies -from the example strict policy. We have been using the Fedora strict policy -version 1.23.2-1 as a baseline for policy conversion, which is available -on the download page. Then after these policies -are added to reference policy, it can be updated to be in line with current -versions of the NSA example policy. For those who wish to contribute, here -is a listing of modules which need to be converted: +from the example strict policy. We are updating the baseline to NSA CVS. +Modules that are in the targeted policy are the first priority, and modules +in the strict policy, but not targeted are second priority. +For those who wish to contribute, here is a listing of modules which need to be +converted:
| Assigned To | ||||
| amanda | +amanda *+ | amanda.te amanda.fc | ||
| anaconda | +anaconda *+ | anaconda.te anaconda.fc | ||
| apache | +amavis | +amavis.te amavis.fc | ++ | |
| apache *+ | apache.te apache.fc apache_macros.te | Tresys | ||
| arpwatch | +arpwatch *+ | arpwatch.te arpwatch.fc | ||
| automount | +asterisk | +asterisk.te asterisk.fc | ++ | |
| audio-entropy | +audio-entropyd.te audio-entropyd.fc | ++ | ||
| authbind | +authbind.te authbind.fc | ++ | ||
| automount + | automount.te automount.fc | bluetooth | +||
| backup | +backup.te backup.fc | ++ | ||
| bluetooth *+ | bluetooth.te bluetooth.fc | |||
| bonobo | +bonobo + | bonobo.te bonobo.fc bonobo_macros.te | ||
| browser | +browser + | mozilla.te mozilla.fc mozilla_macros.te | ||
| cdrecord | +calamaris | +calabaris.te calamaris.fc | ++ | |
| cdrecord + | cdrecord.te cdrecord.fc cdrecord_macros.te | |||
| certwatch | +certwatch + | certwatch.te certwatch.fc | ||
| cvs | +cipe | +ciped.te ciped.fc | ++ | |
| clamav | +clamav.te clamav.fc | ++ | ||
| courier | +courier.te courier.fc | ++ | ||
| cvs *+ | cvs.te cvs.fc | |||
| cyrus | +cyrus *+ | cyrus.te cyrus.fc | ||
| ddcprobe | +daemontools | +daemontools.te daemontools.fc daemontools_macros.te | +Tresys | +|
| dante | +dante.te dante.fc | ++ | ||
| dcc | +dcc.te dcc.fc | ++ | ||
| ddclient | +ddclient.te ddclient.fc | ++ | ||
| ddcprobe + | ddcprobe.te ddcprobe.fc | |||
| dmidecode | +distcc | +distcc.te distcc.fc | +Tresys | +|
| djbdns | +djbdns.te djbdns.fc | ++ | ||
| dmidecode *+ | dmidecode.te dmidecode.fc | |||
| dovecot | +dnsmasq | +dnsmasq.te dnsmasq.fc | ++ | |
| dpkg | +dpkg.te dpkg.fc | ++ | ||
| dovecot *+ | dovecot.te dovecot.fc | |||
| ethereal | +ethereal + | ethereal.te ethereal.fc ethereal_macros.te | ||
| fetchmail | +evolution + | +evolution.te evolution.fc evolution_macros.te | ++ | |
| fetchmail + | fetchmail.te fetchmail.fc | |||
| finger | +finger *+ | fingerd.te fingerd.fc fingerd_macros.te | ||
| fontconfig | +fontconfig + | fontconfig.te fontconfig.fc | ||
| ftp | +ftp *+ | ftpd.te ftpd.fc | ||
| gconf | +gatekeeper | +gatekeeper.te gatekeeper.fc | ++ | |
| gconf + | gconf.te gconf.fc gconf_macros.te | |||
| games | +games + | games.te games.fc games_domain.te | ||
| gnome | +gift | +gift.te gift.fc gift_macros.te | ++ | |
| gnome + | gnome.te gnome.fc gnome_macros.te gnome_vfs.te gnome_vfs.fc gnome_vfs_macros.te gnome-pty-helper.te gnome-pty-helper.fc gph_macros.te | |||
| iceauth | +iceauth + | iceauth.te iceauth.fc iceauth_macros ice_macros.te(?) | ||
| irc | +imazesrv | +imazesrv.te imazesrv.fc | ++ | |
| irc + | irc.te irc.fc irc_macros.te | |||
| irqbalance | +ircd | +ircd.te ircd.fc | ++ | |
| irqbalance + | irqbalance.te irqbalance.fc | |||
| java | +jabber | +jabberd.te jabberd.fc | ++ | |
| java + | java.te java.fc java_macros.te | |||
| kudzu | +kudzu *+ | kudzu.te kudzu.fc | ||
| lockdev | +lcd | +lcd.te lcd.fc | ++ | |
| lockdev + | lockdev.te lockdev.fc lockdev_macros.te | |||
| mailman | +lrr | +lrrd.te lrrd.fc | ++ | |
| mailman *+ | mailman.te mailman.fc | |||
| mplayer | +monop | +monopd.te monopd.fc | ++ | |
| mplayer + | mplayer.te mplayer.fc mplayer_macros.te | |||
| mrtg | +mrtg + | mrtg.te mrtg.fc | ||
| openct | +nagios | +nagios.te nagios.fc nrpe.te nrpe.fc | ++ | |
| nessus | +nessusd.te nessusd.fc | ++ | ||
| networkmanager *+ | +NetworkManager.te NetworkManager.fc | ++ | ||
| nsd | +nsd.te nsd.fc | ++ | ||
| nx | +nx_server.te nx_server.fc | ++ | ||
| oav-update | +oav-update.te oav-update.fc | ++ | ||
| openca | +openca-ca.te openca-ca.fc | ++ | ||
| openct + | openct.te openct.fc | |||
| orbit | +orbit + | orbit.te orbit.fc orbit_macros.te | ||
| postfix | +perdition | +perdition.te perdition.fc | ++ | |
| portslave | +portslave.te portslave.fc | ++ | ||
| postfix + | postfix.te postfix.fc | |||
| ppp | +ppp *+ | pppd.te pppd.fc | ||
| prelink | +prelink + | prelink.te prelink.fc | ||
| print *+ | cups.te cups.fc lpd.te lpd.fc lpr_macros.te | Tresys | ||
| procmail | +procmail + | procmail.te procmail.fc | ||
| radius | +publicfile | +publicfile.te publicfile.fc | ++ | |
| pxe | +pxe.te pxe.fc | ++ | ||
| pyzor | +pyzor.te pyzor.fc | ++ | ||
| radius *+ | radius.te radius.fc | |||
| radvd | +radvd *+ | radvd.te radvd.fc | ||
| rlogin | +razor | +razor.te razor.fc | ++ | |
| rdisc | +rdisc.te rdisc.fc | ++ | ||
| resmgr | +resmgrd.te resmgrd.fc | ++ | ||
| rlogin *+ | rlogind.te rlogind.fc login_macros.te | Tresys | ||
| sasl | +rpc *+ | +rpcd.te rpcd.fc | ++ | |
| rssh | +rssh.te rssh.fc | ++ | ||
| sasl *+ | saslauthd.te saslauthd.fc | |||
| screen | +scannerdaemon | +scannerdaemon.te scannerdaemon.fc | ++ | |
| screen + | screen.te screen.fc screen_macros.te | |||
| slocate | +slocate + | slocate.te slocate.fc slocate_macros.te | ||
| slrnpull | +slrnpull + | slrnpull.te slrnpull.fc | ||
| sound | -alsa.te alsa.fc sound.te sound.fc | +snort | +snort.te snort.fc | ++ |
| sound + | +alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc | |||
| spamassassin | +spamassassin + | spamassassin.te spamc.te spamd.te spamassassin.fc spamc.fc spamd.fc spamassassin_macros.te | ||
| stunnel | +speedtouch | +speedmgmt.te speedmgmt.fc | ++ | |
| stunnel *+ | stunnel.te stunnel.fc | |||
| sysstat | +sxid | +sxid.te sxid.fc | ++ | |
| sysstat + | sysstat.te sysstat.fc | |||
| telnet | +telnet *+ | telnetd.te telnetd.fc | ||
| thunderbird | +thunderbird + | thunderbird.te thunderbird.fc thunderbird_macros.te mail_client_macros.te | ||
| timidity | +timidity + | timidity.te timidity.fc | ||
| tvtime | +tinydns | +tinydns.te tinydns.fc | ++ | |
| transproxy | +transproxy.te transproxy.fc | ++ | ||
| tripwire | +tripwire.te tripwire.fc | ++ | ||
| tvtime + | tvtime.te tvtime.fc tvtime_macros.te | |||
| uml | -uml.te uml.fc uml_macros.te | +ucspi-tcp | +ucspi-tcp.te ucspi-tcp.fc | |
| userhelper | +uml + | +uml.te uml.fc uml_macros.te uml_net.te uml_net.fc | ++ | |
| uptimed | +uptimed.te uptimed.fc | ++ | ||
| userhelper + | userhelper.te userhelper.fc userhelper_macros.te | |||
| usernetctl | +usernetctl + | usernetctl.te usernetctl.fc | ||
| uucp | +uucp *+ | uucpd.te uucpd.fc | ||
| vmware | +uwimap | +uwimapd.te uwimapd.fc | ++ | |
| vmware + | vmware.te vmware.fc vmware_macros.te | |||
| vpn | -vpnc.te vpnc.fc | +vpn + | +vpnc.te vpnc.fc openvpn.te openvpn.fc/td> + | + |
| watchdog | +watchdog.te watchdog.fc | |||
| webalizer | +webalizer *+ | webalizer.te webalizer.fc | ||
| winbind | +winbind *+ | winbind.te winbind.fc | ||
| xdm | +xdm *+ | xdm.te xdm.fc xdm_macros.te | ||
| xfs | +xfs + | xfs.te xfs.fc | ||
| xserver | +xprint | +xprint.te xprint.fc | ++ | |
| xserver + | xserver.te xserver.fc xserver_macros.te xauth.te xauth.fc xauth_macros.te | |||
| yam | +yam.te yam.fc | ++ | ||
| (*) Modules in the Fedora targeted policy | +||||
| (+) Modules in the Fedora strict policy | +||||