F23 System Wide Change: SELinux policy store migration

[Jan Kurik]

= Proposed System Wide Change: SELinux policy store migration =
https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration

Change owner(s):
* Petr Lautrbach <plautrba at redhat dot com>
* Miroslav Grepl <mgrepl at redhat dot com>

The newest SELinux userspace project release 2015-02-02 includes a change of the location of the SELinux policy store, which defaults to /var/lib/selinux/. 

== Detailed Description ==
In the SELinux userspace project release 2015-02-02, the SELinux policy store was moved from /etc/selinux/<store>/modules/ to /var/lib/selinux/<store>/.
The new policy store
 * has a new complex structure
 * supports priority of modules
 * the CIL language is used for cached modules
 * original modules are converted using an HLL compiler in /usr/libexec/selinux/hll/. The pp compiler converts pp format to CIL language. 

== Scope ==
* Proposal owners:
    - prepare SELinux userspace packages with the release 2015-02-02
    - prepare SELinux policy packages with the new store location
    - prepare a migration script for users modifications and modules
    - check if all packages containing SELinux modules use the right location
    - check if all SELinux modules used in Fedora packages are compatible with the new SELinux userspace and are convertible to CIL language 
* Other developers: N/A 
* Release engineering: N/A 
* Policies and guidelines:
    - there's no need to update policies
    - there might be guidelines which mention the old store location which should be updated 
* Trademark approval: N/A (not needed for this Change) 
-- 
Jan Kuřík
_______________________________________________
devel-announce mailing list
devel-announce at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce