APT, Yum and Red Carpet

Michael K. Johnson johnsonm at redhat.com
Wed Aug 13 19:15:26 UTC 2003


On Wed, Aug 13, 2003 at 03:05:52PM +0100, Paul Nasrat wrote:
> On Wed, Aug 13, 2003 at 07:52:57AM -0600, Chris Ricker wrote:
> > <re-routed to devel list>
>  
> > Speaking of which, is there any interest in incorporating RSBAC (preferably) 
> > or SELinux into RHLP, long-term?
> 
> SELinux architecture has been merged in 2.6.0-test3, so I imagine that
> Cambridge++ will have that SELinux in it.

Well, the technology exists in the kernel source tree, and we
encouraged its inclusion in the mainline tree.  But SELinux has
other components, particularly userland code changes and policy.
Policy management is a major job in and of itself.  Also, there's
a performance cost to enabling SELinux that needs to be considered.

As I've mentioned before, upstream acceptance is a key point; this
distinguishes SELinux.  In addition, Red Hat is specifically working
on SELinux, as mentioned in a webcast we did recently:
https://www.redhat.com/apps/webform.html?event_type=webcast&eid=225
And the top search response on SELinux on our web site is this page:
http://www.redhat.com/solutions/security/SELinux.html

We haven't made a committment to include SELinux in Cambridge++,
nor to not include it.  :-)  We're certainly actively working on
SELinux, and if there are like-minded developers who want to, say,
participate with us in doing policy work, speak up, and maybe it
will make sense.

I'm personally curious: how many people on this list have worked on
SELinux policy and/or policy tools?

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/





More information about the devel mailing list