On Wed, 2006-03-29 at 10:19 -0700, Stephen J. Smoogen wrote:
I am trying to go over the questions in here one by one.. as I need
to
work out what could be done for some systems where I work. I have one
question so far:
Q: What about the strict policy? Does it even work?
[From the list at release time.. I thought strict policy was broken
for Core.]
Yes, -strict in FC5 is broken at the moment, although there is ongoing
work to resolve the issues needed to get it working. The breakage isn't
really anything to do with -strict per se, just fully modularized policy
(breaking down even the base policy into lots of individual modules).
Q: What is the Reference Policy?
[I found I am really confused by this answer.. if my muddled brain
is getting this correct.. the Reference Policy is the base policy that
the Fedora Core 5 targeted, strict, mls policies are based off of the
Reference Policy.. or are there 2 sets of policies shipped with Fedora
Core 5 some of which are based off of the old set and the others by
the new set.]
Reference policy is the new source policy tree from which all policy
types (-strict, -targeted, -mls) are being built. Previously, they were
being built from the NSA example policy source tree.
--
Stephen Smalley
National Security Agency