ANN: Fedora Core 5 SELinux FAQ
Stephen Smalley
sds at tycho.nsa.gov
Wed Mar 29 17:53:34 UTC 2006
On Wed, 2006-03-29 at 10:19 -0700, Stephen J. Smoogen wrote:
> I am trying to go over the questions in here one by one.. as I need to
> work out what could be done for some systems where I work. I have one
> question so far:
>
> Q: What about the strict policy? Does it even work?
> [From the list at release time.. I thought strict policy was broken
> for Core.]
Yes, -strict in FC5 is broken at the moment, although there is ongoing
work to resolve the issues needed to get it working. The breakage isn't
really anything to do with -strict per se, just fully modularized policy
(breaking down even the base policy into lots of individual modules).
> Q: What is the Reference Policy?
>
> [I found I am really confused by this answer.. if my muddled brain
> is getting this correct.. the Reference Policy is the base policy that
> the Fedora Core 5 targeted, strict, mls policies are based off of the
> Reference Policy.. or are there 2 sets of policies shipped with Fedora
> Core 5 some of which are based off of the old set and the others by
> the new set.]
Reference policy is the new source policy tree from which all policy
types (-strict, -targeted, -mls) are being built. Previously, they were
being built from the NSA example policy source tree.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list