On Thu, 2006-03-30 at 15:00 -0500, Daniel J Walsh wrote:
Stephen J. Smoogen wrote:
> On 3/29/06, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
>> I have back ported the entire selinux tool chain to RHEL4. I have also
>> attempted to create a modular policy to match RHEL4 policy as closely as
>> possible.
>>
>> These packages are out on
>>
>>
ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
>>
>> If anyone wants to play with these and do some testing that would be great.
>
> Cool. I realize there is no promise but I will try them on a test box.
> What should I look for in a test plan? Also what is the difference
> between selinux-policy-2.2.28-1.rhel4.noarch.rpm and
> selinux-policy-targeted-2.2.28-1.rhel4.noarch.rpm?
>
>
Look for regressions. Want to make sure RHEL4 works the same under
both. The new policy has some added allows but should not have any ones
missing. There are some types that have been eliminated but they were
not used.
One known thing would be the missing su(do)+pam_login rules. I plan on
making a rhel4 distro tunable (which infers the redhat tunable too), to
handle things that are in RHEL4, but no longer in newer Red Hat
releases.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150