From Fedora Project Wiki
(Created page with "<!-- Self Contained or System Wide Change Proposal? Use this guide to determine to which category your proposed change belongs to. Self Contained Changes are: * changes to is...")
 
Line 21: Line 21:
  
 
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
 
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
= A new location of SELinux modules store and CIL languague =  
+
= A new location for SELinux policy store root and CIL languague =  
  
 
== Summary ==
 
== Summary ==
Line 60: Line 60:
  
 
== Detailed Description ==
 
== Detailed Description ==
 +
 +
  
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
Line 65: Line 67:
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
  
+
The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):
 +
 
 +
*performance improvements
 +
**speed-up for SELinux tools like semanage, setsebool
 +
**reduces peak memory usage
 +
*moving the policy store out of /etc
 +
**user could easily get back Factory setup by removing a directory out of /etc
 +
*shrinking SELinux policy
 +
**CIL grammer should allow us to write more effective policy
 +
**prioritize of project's policies
 
    
 
    
 
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new functionality, what capabilities does it bring? Why will Fedora become a better distribution or project because of this proposal?-->
 
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new functionality, what capabilities does it bring? Why will Fedora become a better distribution or project because of this proposal?-->

Revision as of 19:40, 25 May 2015


A new location for SELinux policy store root and CIL languague

Summary

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-05-25
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):

  • performance improvements
    • speed-up for SELinux tools like semanage, setsebool
    • reduces peak memory usage
  • moving the policy store out of /etc
    • user could easily get back Factory setup by removing a directory out of /etc
  • shrinking SELinux policy
    • CIL grammer should allow us to write more effective policy
    • prioritize of project's policies


Scope

  • Proposal owners:
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes