Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   New features in the SELinux base policy in Fedora 15 and 16 (http://www.linux-archive.org/fedora-selinux-support/546205-new-features-selinux-base-policy-fedora-15-16-a.html)

Marcos Ortiz 06-29-2011 07:07 PM

New features in the SELinux base policy in Fedora 15 and 16
 
Regards to all the list
Where I can find the new features introduced in Fedora 15 and 16 on the
SElinux base policy?
- Bugs fixes
- Support of new applications
- New applications to make the System Administrator's work more easy

I need this information because I'm preparing a talk about "Advanced
PostgreSQL Data Protection with SELinux", so
I want in that moment to comment these new features.

Any advices is welcome.
Thanks a lot for your time

--
Marcos Luís Ortíz Valmaseda
Software Engineer (UCI)
http://marcosluis2186.posterous.com
http://twitter.com/marcosluis2186


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 06-29-2011 07:48 PM

New features in the SELinux base policy in Fedora 15 and 16
 
On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote:
> Regards to all the list
> Where I can find the new features introduced in Fedora 15 and 16 on the
> SElinux base policy?
> - Bugs fixes
> - Support of new applications
> - New applications to make the System Administrator's work more easy
>
> I need this information because I'm preparing a talk about "Advanced
> PostgreSQL Data Protection with SELinux", so
> I want in that moment to comment these new features.
>
> Any advices is welcome.
> Thanks a lot for your time
>

I usually find out whats new in various ways:

1. See the policy git repository for new commits ( bugfixes and support
for new applications)

http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary

2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs
for the "user land" related changed.

3. See the nsa.gov selinux maillist archives for SELinux changes in the
kernel.

4. Keep an eye on dwalsh' livejournal blog. He will often touch on new
interesting features.

5. Keep an eye on the tresys.com refpolicy maillist archives for changes
to policy upstream

Some of the things that recently added that i can come up with is:

moving /selinux to /sys/fs/selinux
read policy from /sys/fs/selinux/policy
named file transitions
audit_access capability permission
various new policy module
semanage --equiv option

and everything else i forgot...


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 06-29-2011 07:48 PM

New features in the SELinux base policy in Fedora 15 and 16
 
On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote:
> Regards to all the list
> Where I can find the new features introduced in Fedora 15 and 16 on the
> SElinux base policy?
> - Bugs fixes
> - Support of new applications
> - New applications to make the System Administrator's work more easy
>
> I need this information because I'm preparing a talk about "Advanced
> PostgreSQL Data Protection with SELinux", so
> I want in that moment to comment these new features.
>
> Any advices is welcome.
> Thanks a lot for your time
>

I usually find out whats new in various ways:

1. See the policy git repository for new commits ( bugfixes and support
for new applications)

http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary

2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs
for the "user land" related changed.

3. See the nsa.gov selinux maillist archives for SELinux changes in the
kernel.

4. Keep an eye on dwalsh' livejournal blog. He will often touch on new
interesting features.

5. Keep an eye on the tresys.com refpolicy maillist archives for changes
to policy upstream

Some of the things that recently added that i can come up with is:

moving /selinux to /sys/fs/selinux
read policy from /sys/fs/selinux/policy
named file transitions
audit_access capability permission
various new policy module
semanage --equiv option

and everything else i forgot...


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Daniel J Walsh 06-30-2011 04:15 PM

New features in the SELinux base policy in Fedora 15 and 16
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/30/2011 02:10 PM, Miroslav Grepl wrote:
> On 06/29/2011 07:48 PM, Dominick Grift wrote:
>>
>> On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote:
>>> Regards to all the list
>>> Where I can find the new features introduced in Fedora 15 and 16 on the
>>> SElinux base policy?
>>> - Bugs fixes
>>> - Support of new applications
>>> - New applications to make the System Administrator's work more easy
>>>
>>> I need this information because I'm preparing a talk about "Advanced
>>> PostgreSQL Data Protection with SELinux", so
>>> I want in that moment to comment these new features.
>>>
>>> Any advices is welcome.
>>> Thanks a lot for your time
>>>
>> I usually find out whats new in various ways:
>>
>> 1. See the policy git repository for new commits ( bugfixes and support
>> for new applications)
>>
>> http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary
>>
>> 2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs
>> for the "user land" related changed.
>>
>> 3. See the nsa.gov selinux maillist archives for SELinux changes in the
>> kernel.
>>
>> 4. Keep an eye on dwalsh' livejournal blog. He will often touch on new
>> interesting features.
>>
>> 5. Keep an eye on the tresys.com refpolicy maillist archives for changes
>> to policy upstream
>>
>> Some of the things that recently added that i can come up with is:
>>
>> moving /selinux to /sys/fs/selinux
>> read policy from /sys/fs/selinux/policy
>> named file transitions
> https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition
>> audit_access capability permission
>> various new policy module
>> semanage --equiv option
>>
>> and everything else i forgot...
>>
>>
>>
>>
>> --
>> selinux mailing list
>> selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


You can also get a list of permissive domains for each release which
gives you a good idea of the new confined domains being developed for
that release.

F16 shows

abrt_retrace_coredump_t
abrt_retrace_worker_exec_t
callweaver_t
dspam_t
fail2ban_client_t
gnomeclock_systemctl_t
lldpad_t
mscan_t
puppetca_t
pyicqt_t
rhev_agentd_t
sanlock_t
telepathy_logger_t
traffic_cop_t
traffic_manager_t
traffic_server_t
wdmd_t
zarafa_indexer_t


F15 Shows

gnomeclock_systemctl_t
telepathy_gabble_t
telepathy_sofiasip_t
mock_t
keyboardd_t
telepathy_idle_t
telepathy_mission_control_t
matahari_serviced_t
telepathy_salut_t
zarafa_indexer_t
firewalld_t
telepathy_sunshine_t
colord_t
telepathy_stream_engine_t
systemd_notify_t
systemd_passwd_agent_t
mozilla_plugin_t
matahari_hostd_t
matahari_netd_t
passenger_t
systemd_tmpfiles_t
foghorn_t
telepathy_msn_t
namespace_init_t


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4MoSMACgkQrlYvE4MpobMgGACfQ15FFGLSrX ROEqXjCz3fFk7u
3/4AoNViLWCkcJ55Lq5ajAa7pa3VEWiG
=Kf8L
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Miroslav Grepl 06-30-2011 06:10 PM

New features in the SELinux base policy in Fedora 15 and 16
 
On 06/29/2011 07:48 PM, Dominick Grift wrote:



On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote:


Regards to all the list
Where I can find the new features introduced in Fedora 15 and 16 on the
SElinux base policy?
- Bugs fixes
- Support of new applications
- New applications to make the System Administrator's work more easy

I need this information because I'm preparing a talk about "Advanced
PostgreSQL Data Protection with SELinux", so
I want in that moment to comment these new features.

Any advices is welcome.
Thanks a lot for your time




I usually find out whats new in various ways:

1. See the policy git repository for new commits ( bugfixes and support
for new applications)

http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary

2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs
for the "user land" related changed.

3. See the nsa.gov selinux maillist archives for SELinux changes in the
kernel.

4. Keep an eye on dwalsh' livejournal blog. He will often touch on new
interesting features.

5. Keep an eye on the tresys.com refpolicy maillist archives for changes
to policy upstream

Some of the things that recently added that i can come up with is:

moving /selinux to /sys/fs/selinux
read policy from /sys/fs/selinux/policy
named file transitions


https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition


audit_access capability permission
various new policy module
semanage --equiv option

and everything else i forgot...





--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux





--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Marcos Ortiz 06-30-2011 06:55 PM

New features in the SELinux base policy in Fedora 15 and 16
 
Thanks to all for the quick responses.





On 06/30/2011 01:40 PM, Miroslav Grepl wrote:


On 06/29/2011 07:48 PM, Dominick Grift wrote:


On Wed, 2011-06-29 at 15:07 -0400, Marcos Ortiz wrote:


Regards to all the list
Where I can find the new features introduced in Fedora 15 and 16 on the
SElinux base policy?
- Bugs fixes
- Support of new applications
- New applications to make the System Administrator's work more easy

I need this information because I'm preparing a talk about "Advanced
PostgreSQL Data Protection with SELinux", so
I want in that moment to comment these new features.

Any advices is welcome.
Thanks a lot for your time



I usually find out whats new in various ways:

1. See the policy git repository for new commits ( bugfixes and support
for new applications)

http://git.fedorahosted.org/git/?p=selinux-policy.git;a=summary

2. See the policycoreutils. libsepol, libmanage, checkpolicy changelogs
for the "user land" related changed.

3. See the nsa.gov selinux maillist archives for SELinux changes in the
kernel.

4. Keep an eye on dwalsh' livejournal blog. He will often touch on new
interesting features.

5. Keep an eye on the tresys.com refpolicy maillist archives for changes
to policy upstream



Dominick, I'm trying to follow your steps to
develop the SELinux's policy for PgPool-II.

When I finish, I'll send to all you the files (pgpool2.{fc,te})

Regards




Some of the things that recently added that i can come up with is:

moving /selinux to /sys/fs/selinux
read policy from /sys/fs/selinux/policy
named file transitions


https://fedoraproject.org/wiki/Features/SELinuxFileNameTransition


audit_access capability permission
various new policy module
semanage --equiv option

and everything else i forgot...




--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux






--
Marcos Luís Ortíz Valmaseda
Software Engineer (UCI)
http://marcosluis2186.posterous.com
http://twitter.com/marcosluis2186




--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 06-30-2011 07:21 PM

New features in the SELinux base policy in Fedora 15 and 16
 
On Thu, 2011-06-30 at 14:25 -0430, Marcos Ortiz wrote:
> Dominick, I'm trying to follow your steps to develop the SELinux's
> policy for PgPool-II.
> When I finish, I'll send to all you the files (pgpool2.{fc,te})
> Regards

Ok if you need some interactive guidance feel free to come see me on
irc.freenode.org in #fedora-selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 04:24 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.