From: Chris PeBenito <chpebeni@linux.microsoft.com>
To: SELinux Reference Policy mailing list
<selinux-refpolicy@vger.kernel.org>,
SElinux mailing list <selinux@vger.kernel.org>
Subject: ANN/RFC: SELinux Reference Policy 3 pre-alpha
Date: Tue, 29 Nov 2022 13:42:17 -0500 [thread overview]
Message-ID: <706efa5c-9ac1-6a56-f6cc-043895de75aa@linux.microsoft.com> (raw)
SELinux Reference Policy 3 is a rewrite using the Cascade policy
language. This new language allows a shift in the approach of the
policy. With the new ability to delete rules as a feature of the
language, the approach in refpolicy3 is to a slightly coarser
granularity than in v2, aimed at making common case usage the main
focus. This includes a focus on creating higher level abstractions
while keeping low level functions for cases where tight least privilege
access is required.
https://github.com/pebenito/refpolicy3
**Refpolicy 2 will continue to be maintained as normal.**
This is pre-alpha quality. It is using the Cascade language which is
also in development. As such, syntax, structure, and API may change at
any time. This is developing in advance of the compiler development, so
you should not expect it to compile at this time.
This is also an RFC. Please review and comment on structure, style, etc.
Now is the time, as the design is not set. We implemented the majority
of kernel and system layers of refpolicy and are eager to hear your
feedback while the policy is still in its early stages so broad changes
are easier.
Please send any discussion to the refpolicy mail list. If you would
like to contribute, pull requests on GitHub are strongly preferred, but
patches on the refpolicy mail list are also accepted.
For more information on the Cascade policy language see:
https://github.com/dburgener/cascade
--
Chris PeBenito
reply other threads:[~2022-11-29 18:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=706efa5c-9ac1-6a56-f6cc-043895de75aa@linux.microsoft.com \
--to=chpebeni@linux.microsoft.com \
--cc=selinux-refpolicy@vger.kernel.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).