A new, major release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com. In this release, the type
enforcement-based role separation was replaced with SELinux user-based
access control (UBAC) role separation. This support deprecates the
per-role templates and rolemap support of the policy. It also breaks
some compatibility in the interfaces API; however, the compatibility for
types and other policy symbols has been preserved.
Due to the magnitude of this change, the Reference Policy version scheme
has slightly changed, by adding a major number (2) to the version.
Previous versions are considered 1.yyyymmdd releases.
The The complete change log for this release follows at the end of the
email.
For people interested in helping Reference Policy development, the X
desktop and role separation needs testing.
* Wed Dec 10 2008 Chris PeBenito <[email protected]> - 2.20081210
- Fix consistency of audioentropy and iscsi module naming.
- Debian file context fix for xen from Russell Coker.
- Xserver MLS fix from Eamon Walsh.
- Add omapi port for dhcpcd.
- Deprecate per-role templates and rolemap support.
- Implement user-based access control for use as role separations.
- Move shared library calls from individual modules to the domain module.
- Enable open permission checks policy capability.
- Remove hierarchy from portage module as it is not a good example of
hierarchy.
- Remove enableaudit target from modular build as semodule -DB supplants it.
- Added modules:
milter (Paul Howarth)
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150