Need testers for Modules policicy on RHEL4
Christopher J. PeBenito
cpebenito at tresys.com
Thu Mar 30 20:59:16 UTC 2006
On Thu, 2006-03-30 at 15:00 -0500, Daniel J Walsh wrote:
> Stephen J. Smoogen wrote:
> > On 3/29/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >> I have back ported the entire selinux tool chain to RHEL4. I have also
> >> attempted to create a modular policy to match RHEL4 policy as closely as
> >> possible.
> >>
> >> These packages are out on
> >>
> >> ftp://people.redhat.com/dwalsh/SELinux/RHEL4_MODULAR
> >>
> >> If anyone wants to play with these and do some testing that would be great.
> >
> > Cool. I realize there is no promise but I will try them on a test box.
> > What should I look for in a test plan? Also what is the difference
> > between selinux-policy-2.2.28-1.rhel4.noarch.rpm and
> > selinux-policy-targeted-2.2.28-1.rhel4.noarch.rpm?
> >
> >
> Look for regressions. Want to make sure RHEL4 works the same under
> both. The new policy has some added allows but should not have any ones
> missing. There are some types that have been eliminated but they were
> not used.
One known thing would be the missing su(do)+pam_login rules. I plan on
making a rhel4 distro tunable (which infers the redhat tunable too), to
handle things that are in RHEL4, but no longer in newer Red Hat
releases.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the selinux
mailing list