SELinux-Refpolicy Archive mirror
From: Chris PeBenito <chpebeni@linux.microsoft.com>
To: SELinux Reference Policy mailing list 
	<selinux-refpolicy@vger.kernel.org>,
	SElinux mailing list <selinux@vger.kernel.org>
Subject: ANN/RFC: SELinux Reference Policy 3 pre-alpha
Date: Tue, 29 Nov 2022 13:42:17 -0500
Message-ID: <706efa5c-9ac1-6a56-f6cc-043895de75aa@linux.microsoft.com>

SELinux Reference Policy 3 is a rewrite using the Cascade policy 
language.  This new language allows a shift in the approach of the 
policy.  With the new ability to delete rules as a feature of the 
language, the approach in refpolicy3 is to a slightly coarser 
granularity than in v2, aimed at making common case usage the main 
focus.  This includes a focus on creating higher level abstractions 
while keeping low level functions for cases where tight least privilege 
access is required.

https://github.com/pebenito/refpolicy3

**Refpolicy 2 will continue to be maintained as normal.**

This is pre-alpha quality.  It is using the Cascade language which is 
also in development.  As such, syntax, structure, and API may change at 
any time.  This is developing in advance of the compiler development, so 
you should not expect it to compile at this time.

This is also an RFC. Please review and comment on structure, style, etc. 
Now is the time, as the design is not set.  We implemented the majority 
of kernel and system layers of refpolicy and are eager to hear your 
feedback while the policy is still in its early stages so broad changes 
are easier.

Please send any discussion to the refpolicy mail list.  If you would 
like to contribute, pull requests on GitHub are strongly preferred, but 
patches on the refpolicy mail list are also accepted.

For more information on the Cascade policy language see:

https://github.com/dburgener/cascade


-- 
Chris PeBenito
