2015-10-19 18:17:51

by cpebenito

Subject: [refpolicy] Systemd policy

The long-awaited (and long-overdue) policy changes for systemd are ready
to be merged. Because of the size of the changes, I have done this as
GitHub pull requests. [1][2]

The policy was written against a RHEL7 system, so it likely needs more
work to get it fully up to speed on today's systemd and on other
distributions.

Credits:
* Major contributions to the policy were from Mike Palmiotto of the
Tresys CLIP team.
* Dominick Grift has provided review and feedback as it was developed
* Laurent Bigonville also made some contributions.

The purpose of this notice is to allow for comment, in case there are
concerns about the overall structure. If you have concerns about
individual rules, we can address them after the policy is merged.

I plan to merge the policy Friday afternoon (UTC -4).

[1] https://github.com/TresysTechnology/refpolicy/pull/8
[2] https://github.com/TresysTechnology/refpolicy-contrib/pull/4

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com


2015-10-20 11:35:07

by Dac Override

Subject: [refpolicy] Systemd policy

On Mon, Oct 19, 2015 at 02:17:51PM -0400, Christopher J. PeBenito wrote:
> The long-awaited (and long-overdue) policy changes for systemd are ready
> to be merged. Because of the size of the changes, I have done this as
> GitHub pull requests. [1][2]
>
> The policy was written against a RHEL7 system, so it likely needs more
> work to get it fully up to speed on today's systemd and on other
> distributions.
>
> Credits:
> * Major contributions to the policy were from Mike Palmiotto of the
> Tresys CLIP team.
> * Dominick Grift has provided review and feedback as it was developed
> * Laurent Bigonville also made some contributions.

With all respect to all of the above for their appreciated work on this, I
prefer not to have my name associated with this.

Yes, I did some reviewing, but all within some boundaries. What I mean is
that by reviewing it, and by having some of my concerns addressed, I do
not automatically endorse or support this implementation.

I am not saying that this policy is bad in any way. I am just saying that I
would have (and I actually have) done this differently, and that I cannot in
good faith sign off on it.

>
> The purpose of this notice is to allow for comment, in case there are
> concerns about the overall structure. If you have concerns about
> individual rules, we can address them after the policy is merged.
>
> I plan to merge the policy Friday afternoon (UTC -4).
>
> [1] https://github.com/TresysTechnology/refpolicy/pull/8
> [2] https://github.com/TresysTechnology/refpolicy-contrib/pull/4
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> http://www.tresys.com | oss.tresys.com

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift

2015-10-23 19:23:31

by cpebenito

Subject: [refpolicy] Systemd policy

On 10/19/2015 2:17 PM, Christopher J. PeBenito wrote:
> The long-awaited (and long-overdue) policy changes for systemd are ready
> to be merged. Because of the size of the changes, I have done this as
> GitHub pull requests. [1][2]

This has been merged. There were several revisions of the original
patches and a few known issues that came from the final reviews (see the
GitHub bug tracker[3] for more info).


> The policy was written against a RHEL7 system, so it likely needs more
> work to get it fully up to speed on today's systemd and on other
> distributions.
>
> Credits:
> * Major contributions to the policy were from Mike Palmiotto of the
> Tresys CLIP team.
> * Laurent Bigonville also made some contributions.
>
> The purpose of this notice is to allow for comment, in case there are
> concerns about the overall structure. If you have concerns about
> individual rules, we can address them after the policy is merged.
>
> I plan to merge the policy Friday afternoon (UTC -4).
>
> [1] https://github.com/TresysTechnology/refpolicy/pull/8
> [2] https://github.com/TresysTechnology/refpolicy-contrib/pull/4
[3] https://github.com/TresysTechnology/refpolicy/issues


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com