From Fedora Project Wiki
Line 69: Line 69:
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
  
The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):
+
The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora22):
  
 +
*moving the policy store out of /etc
 +
**user could easily get back Factory setup by removing a directory out of /etc
 
*performance improvements
 
*performance improvements
 
**speed-up for SELinux tools like semanage, setsebool
 
**speed-up for SELinux tools like semanage, setsebool
 
**reduces peak memory usage  
 
**reduces peak memory usage  
*moving the policy store out of /etc
 
**user could easily get back Factory setup by removing a directory out of /etc
 
 
*shrinking SELinux policy
 
*shrinking SELinux policy
 
**CIL grammer should allow us to write more effective policy
 
**CIL grammer should allow us to write more effective policy
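Review bot: in the two bullets moved to the top of the list, "user could easily get back Factory setup by removing a directory out of /etc" does not say which directory is removed or where it lives once the store has left /etc; name the directory so the reset step is unambiguous. While this list is being edited, the unchanged line "CIL grammer should allow us to write more effective policy" still spells "grammar" as "grammer" and could be corrected in the same revision.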

Revision as of 08:43, 26 May 2015


A new location for the SELinux policy module store and the CIL language

Summary

These updated SELinux userspace packages together with SELinux policy packages include a change of location of the SELinux module store, which now defaults to /var/lib/selinux/.

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-05-25
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

The implementations bring some big system/distribution improvements compared with the current state (policy.29 + Fedora22):

  • moving the policy store out of /etc
    • a user could easily get back the factory setup by removing a directory out of /etc
  • performance improvements
    • speed-up for SELinux tools like semanage, setsebool
    • reduced peak memory usage
  • shrinking SELinux policy
    • CIL grammar should allow us to write more effective policy
    • prioritization of project's policies


Scope

  • Proposal owners:
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes