SEBSD policy version and userland support
Joshua Brindle
method at gentoo.org
Sun Oct 17 15:10:58 GMT 2004
I have some questions about the SEBSD policy and userland. I've been
using SELinux for quite a while and just started playing with SEBSD. The
first thing I noticed was that the policy version claims to be version
16 but there are no conditionals. Are the policy versions in SEBSD not
aligned with policy versions in SELinux? In that case, are the binaries
no longer portable?

Looking at the SEBSD module, it seems like the current security server
is simply dropped in from Linux, with some #defines in linux-compat.h to
fix obvious kernel differences. If that's the case it shouldn't be
difficult at all to replace the current BSD security server with the
Linux one which supports conditionals.

Further, I am now employed at Tresys Technology doing work on SELinux
policy modules and other projects. I was hoping this work could be
(easily) directly applied to SEBSD and used with few changes but it
seems like the SEBSD userland is in a very different state than SELinux.
SELinux recently made a change to the parser to move almost all the
reading/writing functions into libsepol which made all this
significantly easier. Are there plans to do this with the BSD policy
parser as well?

Here is the specification for the module work:
http://www.tresys.com/Downloads/selinux_dev/Policy_Modules_Specification.pdf

Joshua Brindle