F23 System Wide Change: SELinux policy store migration

= Proposed System Wide Change: SELinux policy store migration = https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration Change owner(s): * Petr Lautrbach <plautrba at redhat dot com> * Miroslav Grepl <mgrepl at redhat dot com> The newest SELinux userspace project release 2015-02-02 includes a change of the location of the SELinux policy store, which defaults to /var/lib/selinux/. == Detailed Description == In the SELinux userspace project release 2015-02-02, the SELinux policy store was moved from /etc/selinux/<store>/modules/ to /var/lib/selinux/<store>/. The new policy store * has a new complex structure * supports priority of modules * the CIL language is used for cached modules * original modules are converted using an HLL compiler in /usr/libexec/selinux/hll/. The pp compiler converts pp format to CIL language. == Scope == * Proposal owners: - prepare SELinux userspace packages with the release 2015-02-02 - prepare SELinux policy packages with the new store location - prepare a migration script for users modifications and modules - check if all packages containing SELinux modules use the right location - check if all SELinux modules used in Fedora packages are compatible with the new SELinux userspace and are convertible to CIL language * Other developers: N/A * Release engineering: N/A * Policies and guidelines: - there's no need to update policies - there might be guidelines which mention the old store location which should be updated * Trademark approval: N/A (not needed for this Change) -- Jan Kuřík