SELinux Mailing List
Subject: ANN: Updated SELinux Release
Date: Wed, 07 Dec 2005 15:28:41 -0500

This release is based on Linux 2.6.14. The SELinux kernel patch for 2.6.14 includes support for canonicalization of getxattr results by SELinux, support for userspace to obtain canonical contexts via selinuxfs, a compatibility fix for MLS file contexts on non-MLS systems, and a fix to prevent setting SELinux attributes on inodes created in mountpoint labeled filesystems. All of these changes have already been upstreamed into Linus' git tree for inclusion in 2.6.15.

In userspace, a number of enhancements to the libraries and utilities have been merged. These enhancements include support for mapping Linux users to SELinux users and ranges via seusers without requiring policy modifications, a major reworking of the policy management and policy module support including major updates to libsepol, checkpolicy, libsemanage and policycoreutils, and centralization of and improvements to the policy loading logic.

Note that pam_selinux and SELinux userland patches for programs such as gdm, sshd, and crond have been modified in order to take advantage of the seusers mechanism for mapping Linux users to SELinux users and ranges. Similarly, the SELinux patch for SysVinit has been modified in order to use the new policy loading logic provided by libselinux. Please refer to the Fedora Core public CVS tree for updated SELinux userland patches in order to port these updates to other distributions as appropriate.

With regard to the policy management and module support, this release introduces the first version of libsemanage to provide a shared library and that includes support for managing some (but not yet all) non-module policy components. Note that the policy module package format has changed incompatibly since the prior nsa.gov SELinux release, as discussed on the list, but any future changes will provide proper compatibility support. The module utilities have been significantly overhauled and manual pages have been created for them. setsebool has been reworked to include support for the policy management infrastructure. audit2allow has been rewritten in python and extended to support generation of policy modules. genhomedircon has been partly converted to support the policy management infrastructure; there is still a lingering issue with expanding the ROLE macro in homedir_template for users, so manual updating of file_contexts.homedirs is necessary for non-user_r users if using policy managed via libsemanage.

Although this release includes an updated copy of the example policy, this will likely be the last such release before a final snapshot of the example policy is archived to the historical versions page. Further work on this policy has been superseded by the SELinux reference policy project, see http://serefpolicy.sourceforge.net.

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |