[patch] CUPS 1.2 SELinux policy changes...
Stephen Smalley
sds at tycho.nsa.gov
Mon Nov 14 15:30:26 UTC 2005
On Fri, 2005-11-11 at 10:47 -0500, Michael Sweet wrote:
> [Posting here for lack of a better place...]
Just FYI, selinux at tycho.nsa.gov is the upstream SELinux mailing list.
List info is at http://www.nsa.gov/selinux/info/list.cfm.
fedora-selinux-list is fine too, particularly for Fedora-specific items,
but since your patch was against the sourceforge CVS, it was more likely
suited to the main list.
Various SELinux information resources are listed at
http://selinux.sf.net/resources.php3.
> Attached is a patch against the current selinux.sourceforge.net repo,
> along with an archive of additional files that contain the policies
> for non-CUPS software.
Thanks for working on this, as it would definitely be a win to have the
upstream maintainers of the various software packages helping to
maintain the corresponding policy.
One thing to be aware of is that the current upstream example policy is
in process of being obsoleted by the "reference policy"; see
http://serefpolicy.sourceforge.net/
Rawhide should soon be moving to using the reference policy as its
baseline; some experimental packages have been built over at:
ftp://people.redhat.com/dwalsh/SELinux/refpolicy/
This also introduces the use of the binary/loadable policy module
support that is already in rawhide. This should ultimately allow cups
policy to be provided by a separate package from the base policy,
although that decomposition may not happen until later (e.g. after FC5).
Initially, the current policy may just be built as a single monolothic
policy module and the module support may just be used for third party
packages that are not part of the base Fedora.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list