Date: Tue, 29 Nov 2022 13:42:17 -0500
From: Chris PeBenito
Subject: ANN/RFC: SELinux Reference Policy 3 pre-alpha
To: SELinux Reference Policy mailing list, SElinux mailing list

SELinux Reference Policy 3 is a rewrite using the Cascade policy language. This new language allows a shift in the approach of the policy. With the new ability to delete rules as a feature of the language, the approach in refpolicy3 is to a slightly coarser granularity than in v2, aimed at making common case usage the main focus. This includes a focus on creating higher level abstractions while keeping low level functions for cases where tight least privilege access is required.

https://github.com/pebenito/refpolicy3

**Refpolicy 2 will continue to be maintained as normal.**

This is pre-alpha quality. It is using the Cascade language which is also in development. As such, syntax, structure, and API may change at any time. This is developing in advance of the compiler development, so you should not expect it to compile at this time.

This is also an RFC. Please review and comment on structure, style, etc. Now is the time, as the design is not set. We implemented the majority of kernel and system layers of refpolicy and are eager to hear your feedback while the policy is still in its early stages so broad changes are easier.

Please send any discussion to the refpolicy mail list. If you would like to contribute, pull requests on GitHub are strongly preferred, but patches on the refpolicy mail list are also accepted.

For more information on the Cascade policy language see: https://github.com/dburgener/cascade

--
Chris PeBenito