From Fedora Project Wiki
Line 25: Line 25:
== Summary ==
== Summary ==
<!-- A sentence or two summarizing what this change is and what it will do. This information is used for the overall changeset summary page for each release. -->
<!-- A sentence or two summarizing what this change is and what it will do. This information is used for the overall changeset summary page for each release. -->
These updated SELinux userspace packages together with SELinux policy packages include a change of location of the SELinux module store, which now defaults to /var/lib/selinux/.


== Owner ==
== Owner ==

Revision as of 08:41, 26 May 2015


A new location for SELinux policy store root and CIL languague

Summary

These updated SELinux userspace packages together with SELinux policy packages include a change of location of the SELinux module store, which now defaults to /var/lib/selinux/.

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-05-25
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):

  • performance improvements
    • speed-up for SELinux tools like semanage, setsebool
    • reduces peak memory usage
  • moving the policy store out of /etc
    • user could easily get back Factory setup by removing a directory out of /etc
  • shrinking SELinux policy
    • CIL grammer should allow us to write more effective policy
    • prioritize of project's policies


Scope

  • Proposal owners:
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes