Categories
DSSP2

DSSP2 v2.1

I just tagged DSSP2 v2.1. It has been just over three months since I moved the policy from Github and imported DSSP2 as v2.0. Some of the more notable changes since then are:

  • Add policy needed to host DSSP2: Gitweb, git-http-backend, Confined Git shell, Git daemon.
  • The RPM domain has been reworked. Is now more strict in particular when the unconfined module is disabled.
  • Reworked sec_file and auth_file: Added support for conditional access, and removed direct access with shell. You can now only access these files with the appropriate API.
  • Added support for fsnotify (Linux 5.4)
  • Added initial support for audit_enable
  • Did a lot of re-ordering of access vectors to deal with compatibility with legacy interfaces (Debian)
  • DSSP2 works with Debian Buster/Sid (Minimal installation w/o printing server)
  • Some initial work has been done to support “Split” libvirt. Libvirt is splitting into individual socket activatable components and that allows for privilege separation.
  • DSSP2 works with Centos 8.0 (Minimal installation w/o printing server)
  • Some work on making Fedora 31/Centos OS Workstation (Gnome) work. Currently should work for unconfined users, confined users are currently unsupported in the scenario.
  • Support /var/run: After almost 10 years there is still just too much legacy referencing /var/run.
  • Added various new modules

… And much more

Categories
DSSP2

DSSP2 and SELinux 3.0

SELinux 3.0 shaves off 200KiB of the size of the DSSP2 standard kernel policy. I just updated my Fedora buildrpms script.

Categories
Uncategorized

Keep this SHORT

One of my favorite fine wines

Categories
Uncategorized

NEW Website!

… Let’s see how long this one lasts