selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Christopher J. PeBenito" <cpebenito@tresys.com>
To: SELinux Mail List <selinux@tycho.nsa.gov>
Subject: ANN: Reference Policy Release
Date: Tue, 12 Dec 2006 17:35:42 -0500	[thread overview]
Message-ID: <1165962942.11553.46.camel@sgc> (raw)

A new release of the SELinux Reference Policy is now available on the
Tresys OSS site, http://oss.tresys.com.  The primary change in this
release is the addition of support macros for common policy patterns.
These support macros create a blueprint of rules for a more abstract
access (for example, manage_files_pattern), and are similar to the old
rw_dir_create_file() and r_dir_file() macros of the example policy.
Policy patterns and new permission sets have been created for each
filesystem-based object class individually (file, lnk_file, dir, etc.),
so if a permission set change is needed for a particular class it will
not affect other classes.  As a result, the old permission sets
create_dir_perms and create_file_perms have changed; manage_dir_perms
and manage_file_perms should be used instead.  The complete change log
for this release follows at the bottom of the email.

For those that are interested in contributing, right now the best help
would be to test the strict policy.

* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
- Add policy patterns support macros.  This changes the behavior of
  the create_dir_perms and create_file_perms permission sets.
- Association polmatch MLS constraint making unlabeled_t an exception
  is no longer needed, patch from Venkat Yekkirala.
- Context contains checking for PAM and cron from James Antill.
- Add a reload target to Modules.devel and change the load
  target to only insert modules that were changed.
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
- Patch from Matt Anderson for a MLS constraint exemption on a
  file that can be written to from a subject whose range is
  within the object's range.
- Enhanced setransd support from Darrel Goeddel.
- Patches from Dan Walsh:
        Tue, 24 Oct 2006
        Wed, 29 Nov 2006
- Added modules:
        aide (Matt Anderson)
        ccs (Dan Walsh)
        iscsi (Dan Walsh)
        ricci (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

             reply	other threads:[~2006-12-12 22:35 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-12-12 22:35 Christopher J. PeBenito [this message]
  -- strict thread matches above, loose matches on Subject: below --
2019-02-01 20:22 ANN: Reference Policy release Chris PeBenito
2018-07-01 17:40 Chris PeBenito
2017-02-04 19:02 ANN: Reference Policy Release Chris PeBenito
2016-10-23 21:29 Chris PeBenito
2016-11-02  4:13 ` Russell Coker
2016-11-02 22:19   ` Chris PeBenito
2015-12-08 15:49 Christopher J. PeBenito
2014-12-03 19:31 Christopher J. PeBenito
2014-03-11 13:33 Christopher J. PeBenito
2013-04-24 20:56 Christopher J. PeBenito
2012-07-26 16:41 Christopher J. PeBenito
2012-02-15 20:19 Christopher J. PeBenito
2011-07-26 18:44 Christopher J. PeBenito
2010-12-14 16:39 Christopher J. PeBenito
2010-05-25 20:02 Christopher J. PeBenito
2009-11-17 15:28 Christopher J. PeBenito
2009-07-30 18:45 Christopher J. PeBenito
2008-12-10 20:24 Christopher J. PeBenito
2008-10-14 18:34 Christopher J. PeBenito
2008-07-02 15:37 Christopher J. PeBenito
2008-04-02 18:14 Christopher J. PeBenito
2007-12-14 18:56 Christopher J. PeBenito
2007-09-28 15:19 Christopher J. PeBenito
2007-10-02 15:29 ` Shintaro Fujiwara
2007-06-29 17:30 Christopher J. PeBenito
2007-04-17 15:07 Christopher J. PeBenito
2007-04-19 20:45 ` Manoj Srivastava
2007-04-19 20:56   ` Karl MacMillan
2007-04-19 23:10     ` Manoj Srivastava
2006-10-19 12:57 Christopher J. PeBenito
2006-03-07 15:28 Christopher J. PeBenito
2006-01-17 21:31 Christopher J. PeBenito
2005-12-07 16:40 Christopher J. PeBenito
2005-12-15 22:28 ` Serge E. Hallyn
2005-12-16 17:59   ` Daniel J Walsh
2005-12-18 23:20   ` Serge E. Hallyn
2006-01-03 15:48   ` Christopher J. PeBenito
2005-10-19 21:50 Christopher J. PeBenito
2005-09-22 20:56 Christopher J. PeBenito
2005-09-07 17:22 Christopher J. PeBenito
2005-08-26 15:57 Christopher J. PeBenito
2005-08-02 15:49 Christopher J. PeBenito

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1165962942.11553.46.camel@sgc \
    --to=cpebenito@tresys.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).