DSSP2 v2.1

DSSP2 v2.1 Released!

I just tagged DSSP2 v2.1. It has been just over three months since I moved the policy from GitHub and imported DSSP2 as v2.0. Some of the more notable changes since then are:

  • Add policy needed to host DSSP2: Gitweb, git-http-backend, Confined Git shell, Git daemon.
  • The RPM domain has been reworked. It is now stricter, in particular when the unconfined module is disabled.
  • Reworked sec_file and auth_file: added support for conditional access and removed direct access with shell. You can now only access these files with the appropriate API.
  • Added support for fsnotify (Linux 5.4)
  • Added initial support for audit_enable
  • Re-ordered many access vectors to deal with compatibility with legacy interfaces (Debian)
  • DSSP2 works with Debian Buster/Sid (Minimal installation w/o printing server)
  • Some initial work has been done to support “Split” libvirt. Libvirt is splitting into individual socket-activatable components, which allows for privilege separation.
  • DSSP2 works with CentOS 8.0 (Minimal installation w/o printing server)
  • Some work on making Fedora 31/CentOS OS Workstation (GNOME) work. This should currently work for unconfined users; confined users are unsupported in this scenario.
  • Support /var/run: after almost 10 years there is still just too much legacy code referencing /var/run.
  • Added various new modules

… And much more

