[ANN] Madison policy generation tools

Karl MacMillan kmacmill at redhat.com
Wed Dec 20 17:11:40 UTC 2006


The first public release of the Madison SELinux policy generation tools 
can be found at http://et.redhat.com/madison/. Madison is a new project 
to create command line and GUI policy generation tools that:

   * Create more readable and secure policy by leveraging the reference
     policy development environment.
   * Provide administrators with guidance and information to help them
     make good security decisions.

This release focuses on the creation of a foundation library (in 
python). It only includes a single tool - audit2policy - that is a drop 
in replacement for audit2allow with better reference policy interface 
call generation (using the undocumented -R audit2allow flag).

Contributions are very welcome. I'm looking for help with:

   * Testing (particularly interface call generation and module
     generation)
   * Documenation
   * Unit test creation
   * Code / tool development

See the website for more details on contributing.

To the authors of other policy generation tools: I would like to avoid 
duplication of effort where possible. The current release focuses on 
areas that other tools have not explored thoroughly. Moving forward I 
would to discuss how we can best work together.

Please send any feedback to the selinux development list.

Thanks - Karl




More information about the fedora-selinux-list mailing list