On Tue, 2003-10-21 at 08:43, Chris PeBenito wrote:
> Announcing the new SELinux API

The transition to the new API has been completed. All of the old API
patches, policy, and other stuff have been removed, and the new patches
are in. I checked, and they should be on the mirrors.

Thanks to the people that helped test.

A few notes:

* Make sure you have the newest portage, as there is a fix for a
sandbox violation in 2.0.49-r15.

* Strict manifest checking for portage and secure filesystem
permissions have been enabled in the profile (FEATURES="strict
sfperms"). This is a hardened profile after all. :)

* Method worked hard on the new python-selinux. We've done a bunch of
testing on it, and it should work better than the old one. The new API
is simpler than the old one, which made things easier.

* The upcoming hardened-sources-2.4.22 will have the new API.
Hopefully that will be available soon.

* The ...security directories, which are located at the root of each
filesystem, can be removed. The old API used this directory to store the
file labels. The new API stores file labels in extended attributes, thus
...security is no longer used.

* The few daemon policies will be updated in the next couple days.

* app-admin/setools has a new version that has tools to work on the new
API. Portage will show it as a downgrade, because upstream they changed
the versioning scheme. Setools requires X, but not SELinux, so you can
use it on a regular workstation, to edit or analyze your policy.


--
Chris PeBenito
<pebenito@g.o>
Developer, SELinux
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
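
An added example, not part of the original message or of Gentoo's tooling: a post-migration audit that, for each filesystem root, reports whether an old-API ...security directory is still present and whether the root carries a label in extended attributes. It assumes the label is stored under the xattr name security.selinux (the message does not name it); the function names are hypothetical.

```python
import errno
import os

OLD_LABEL_DIR = "...security"     # old-API label store named in the message
LABEL_XATTR = "security.selinux"  # assumption: xattr name is not given in the message


def mount_roots(mounts_text):
    """Return mount points from /proc/mounts-style text (device mountpoint fstype ...)."""
    roots = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in paths as \040
            roots.append(fields[1].replace("\\040", " "))
    return roots


def read_label(path, getxattr=None):
    """Return the context stored in the xattr on path, or None if there is none."""
    getxattr = getxattr or os.getxattr  # injectable so the logic can be tested offline
    try:
        raw = getxattr(path, LABEL_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: attribute absent; ENOTSUP: filesystem has no xattr support
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\x00").decode()


def audit(roots, getxattr=None):
    """Map each filesystem root to its leftover-directory flag and xattr label."""
    report = {}
    for root in roots:
        leftover = os.path.isdir(os.path.join(root, OLD_LABEL_DIR))
        report[root] = {"leftover_dir": leftover, "label": read_label(root, getxattr)}
    return report


if __name__ == "__main__":
    # Run as root so every mount point is readable.
    with open("/proc/mounts") as fh:
        for root, info in audit(mount_roots(fh.read())).items():
            print(root, info)
```

A root that reports a leftover directory but no label has not been relabeled under the new API yet, so it is worth checking before the directory is deleted.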