Skip to content

Roadmap

Jump to bottom Edit New page
Miroslav Grepl edited this page Jun 27, 2016 · 7 revisions

Action items

  1. Update seatomic Motivation wiki page (done)
  2. Describe needs for SELinux userspace changes and create a branch on https://github.com/fedora-selinux/selinux with TODOS
  • research for splitting of defaults and customizations
  • consult with usptream this research
  • find a way how and when to rebuild the policy on Atomic Hosts to apply customizations
  1. Create a roadmap for seatomic (done)

Roadmap

1. Presentation with a purpose, benefits and possible issues.

2. The basic minimal policy written in CIL.

  • Generate kernel's minimal policy using scripts/selinux/mdp
  • Implement fixes for the script to apply CIL policy language
  • Create a seatomic policy directory structure
  • Compile and install this base kernel's minimal policy
    • Makefiles and rpm spec files
    • COPR repo
    • selinux-policy-base-CIL.rpm

3. Consult findings from the basic minimal policy and review of design.

  • Identify all needed policy configuration files
  • Identify all needed communication channels, possible updates for constrain and mcs policy files
  • Document all needed basic process/files types and contexts
  • Review it with SELinux upstream folks and with Atomic folks
  • Update Design philosophy

4. Apply consulted and reviewed design in the base configuration seatomic policy files.

  • Update configurations files based on the updated Design
  • Create the base policy files seatomic/base
  • Document and visualize seatomic/base
  • Start to test it with Atomic - Atomic images with selinux-policy-atomic.rpm
  • Instructions how to create Atomic images by @atomic team
  • Feedback from @atomic team
  • RPM builds for selinux-policy-atomic.rpm based on seatomic/base

5. Create seatomic policies.

  • Transform existing policies for non-base services
  • Create a new set of needed non-base policies written in CIL
  • containers subsets
  • Testing with Atomic - updated Atomic images
  • Heads-up on @atomic maling list
  • Feedback from @atomic team
  • Document and visualize seatomic/contrib

6. seatomic policy shipped by Atomic.

  • Convert seatomic upstream github for @atomic
  • Provide a selinux-policy-atomic spec file for @atomic
  • Cooperate with Atomic team on release of the policy

7. Publicity

Add a custom footer

Home

About

  • Motivations
  • Why?
  • What?
  • How?
  • Goals and Benefits
  • Deliverables
  • Team
  • Design philosophy

Roadmap

  • Action Items
  • Roadmap
Clone this wiki locally