A new location for SELinux policy store root and CIL languague

Summary

These updated SELinux userspace packages together with SELinux policy packages include a change of location of the SELinux module store, which now defaults to /var/lib/selinux/.

Owner

• Name: Petr Lautrbach
• Email: plautrba@redhat.com
• Name: Miroslav Grepl
• Email: mgrepl@redhat.com
• Release notes owner:

Current status

• Targeted release: Fedora 23
• Last updated: 2015-05-25
• Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

The implementations bring some big system/distribution improvements against the current state (policy.29 + Fedora21):

• performance improvements
  • speed-up for SELinux tools like semanage, setsebool
  • reduces peak memory usage
• moving the policy store out of /etc
  • user could easily get back Factory setup by removing a directory out of /etc
• shrinking SELinux policy
  • CIL grammer should allow us to write more effective policy
  • prioritize of project's policies

Scope

• Proposal owners:

• Other developers: N/A (not a System Wide Change)

• Release engineering: N/A (not a System Wide Change)

• Policies and guidelines: N/A (not a System Wide Change)

• Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

• Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
• Contingency deadline: N/A (not a System Wide Change)
• Blocks release? N/A (not a System Wide Change), Yes/No
• Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes