#665 #650 Align SELinux policy with latest kernel
Merged 13 days ago by pbokoc. Opened a month ago by quiet.
fedora-docs/ quiet/release-notes iss650  into  f34

@@ -3,3 +3,15 @@ 

  

  [[sect-security]]

  = Security

+ 

+ == Align the SELinux policy with the current kernel

+ 

+ In Fedora 34 release, the SELinux policy has been updated to match the state in the current kernel so that SELinux can utilize the kernel provided features.

+ 

+ The enhancements to the SELinux policy include new:

+ 

+ * classes: `lockdown`, `perf_event`

+ * permissions: `watch`, `watch_mount`, `watch_reads`, `watch_sb`, `watch_with_perm`

+ * capabilities: `bpf`, `checkpoint_restore`, `perfmon`

+ 

+ This update brings better granularity for granting permissions, which has subsequent security benefits.
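Review bot: the `permissions:` bullet lists `watch`, `watch_mount`, `watch_reads`, `watch_sb` and `watch_with_perm` without saying which object classes they apply to, and the closing sentence ("has subsequent security benefits") does not say what the finer granularity lets a policy writer do. Suggest naming the classes, or linking to the Change page, and giving one concrete benefit. Wording nits in the first paragraph: "In Fedora 34 release" should read "In the Fedora 34 release" and "kernel provided features" should be hyphenated as "kernel-provided features". The sentence ending in "include new:" would also read better as "include the following new items:" ahead of the list.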

Hello @zpytela
could you please review the proposed doctext for F34 Change: Make selinux-policy up-to-date with the latest kernel issue?

Thanks,

@zpytela "the latest kernel" is it better to name the specific kernel version here and in the text below?

@quiet The permissions have been in kernel for some time already, so I'd rather not mention a particular kernel version. Thinking about it, using "latest" can be misleading, maybe "Align the SELinux policy with the current kernel" fits a bit better, as well as "the SELinux policy has been updated to match the state in the current kernel so that SELinux can utilize the kernel provided features." and "This update brings better granularity for granting permissions, which has subsequent security benefits."

The content is otherwise correct.

1 new commit added

  • Applies SME review
a month ago

Pull-Request has been merged by pbokoc

13 days ago