From Fedora Project Wiki
Line 21: Line 21:
  
 
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
 
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
= A new location for SELinux policy store root and CIL languague =  
+
= A new location for SELinux policy module store and CIL languague =  
  
 
== Summary ==
 
== Summary ==

Revision as of 08:42, 26 May 2015


A new location for SELinux policy module store and CIL languague

Summary

These updated SELinux userspace packages together with SELinux policy packages include a change of location of the SELinux module store, which now defaults to /var/lib/selinux/.

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-05-25
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):

  • performance improvements
    • speed-up for SELinux tools like semanage, setsebool
    • reduces peak memory usage
  • moving the policy store out of /etc
    • user could easily get back Factory setup by removing a directory out of /etc
  • shrinking SELinux policy
    • CIL grammer should allow us to write more effective policy
    • prioritize of project's policies


Scope

  • Proposal owners:
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes