I have back ported the entire selinux tool chain to RHEL4. I have also attempted to create a modular policy to match RHEL4 policy as closely as possible.
These packages are out on
ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
If anyone wants to play with these and do some testing that would be great.
There is no commitment from Red Hat to ever ship this. But if it is ever going to ship, we need to find problems with it now.
So if you have a spare RHEL4 box and want to play with modular policy, this is your chance.
Thanks,
Dan
On 3/29/06, Daniel J Walsh dwalsh@redhat.com wrote:
I have back ported the entire selinux tool chain to RHEL4. I have also attempted to create a modular policy to match RHEL4 policy as closely as possible.
These packages are out on
ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
If anyone wants to play with these and do some testing that would be great.
Cool. I realize there is no promise but I will try them on a test box. What should I look for in a test plan? Also what is the difference between selinux-policy-2.2.28-1.rhel4.noarch.rpm and selinux-policy-targeted-2.2.28-1.rhel4.noarch.rpm?
There is no commitment from Red Hat to ever ship this. But if it is ever going to ship, we need to find problems with it now.
So if you have a spare RHEL4 box and want to play with modular policy, this is your chance.
Thanks,
Dan
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Stephen J Smoogen. CSIRT/Linux System Administrator
Stephen J. Smoogen wrote:
On 3/29/06, Daniel J Walsh dwalsh@redhat.com wrote:
I have back ported the entire selinux tool chain to RHEL4. I have also attempted to create a modular policy to match RHEL4 policy as closely as possible.
These packages are out on
ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
If anyone wants to play with these and do some testing that would be great.
Cool. I realize there is no promise but I will try them on a test box. What should I look for in a test plan? Also what is the difference between selinux-policy-2.2.28-1.rhel4.noarch.rpm and selinux-policy-targeted-2.2.28-1.rhel4.noarch.rpm?
Look for regressions. Want to make sure RHEL4 works the same under both. The new policy has some added allows but should not have any ones missing. There are some types that have been eliminated but they were not used.
There is no commitment from Red Hat to ever ship this. But if it is ever going to ship, we need to find problems with it now.
So if you have a spare RHEL4 box and want to play with modular policy, this is your chance.
Thanks,
Dan
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Stephen J Smoogen. CSIRT/Linux System Administrator
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, 2006-03-30 at 15:00 -0500, Daniel J Walsh wrote:
Stephen J. Smoogen wrote:
On 3/29/06, Daniel J Walsh dwalsh@redhat.com wrote:
I have back ported the entire selinux tool chain to RHEL4. I have also attempted to create a modular policy to match RHEL4 policy as closely as possible.
These packages are out on
ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
If anyone wants to play with these and do some testing that would be great.
Cool. I realize there is no promise but I will try them on a test box. What should I look for in a test plan? Also what is the difference between selinux-policy-2.2.28-1.rhel4.noarch.rpm and selinux-policy-targeted-2.2.28-1.rhel4.noarch.rpm?
Look for regressions. Want to make sure RHEL4 works the same under both. The new policy has some added allows but should not have any ones missing. There are some types that have been eliminated but they were not used.
One known thing would be the missing su(do)+pam_login rules. I plan on making a rhel4 distro tunable (which infers the redhat tunable too), to handle things that are in RHEL4, but no longer in newer Red Hat releases.
selinux@lists.fedoraproject.org