[Clip] Plans to update?

Spencer Shimko sshimko at tresys.com
Fri Dec 16 09:37:11 CST 2011


On 12/16/2011 9:13 AM, Mark Steele wrote:
> I'm trying to get CLIP running on CentOS 6.1 (or 5.7 for that matter). The puppet content works with a bit of massaging, but the SELinux policy appears to be pretty broken.
> 
> What would be the best approach to troubleshoot this? Are there any plans to maintain/update CLIP?

Hi Mark,

The CLIP policy for RHEL 5 is going to be missing a lot of rules needed to address functional changes between RHEL 5 & RHEL 6.  You could start by analyzing the audit logs and begin carefully adding policy rules as long as they don't compromise the underlying security goals driven by the various requirement sets and your own environment's goals.  

That said, we have a lot of work to do on our end to address RHEL 6.  Applying the existing puppet content might result in functional problems due to the differences between 5 & 6.  Perhaps more concerning, the content may not completely address the requirement sets in a RHEL 6 environment and there may not be a clear indication that a requirement is not being met.  We will be comparing the requirement sets against a RHEL 6 system and generating new content as necessary.  The userspace packages we distribute may also have issues running on RHEL 6.  

We are currently in the planning phase for our next CLIP releases.  Right now it looks like we will be targeting RHEL 5.7 & RHEL 6.2 but the exact versions may change as the project progresses.  Once we have a road map finalized (soonish :) we will share the plans and start cranking on the next releases.

Thanks,
--Spencer
Spencer R. Shimko
Lead Engineer, Linux Solutions Practice
Tresys Technology
8840 Stanford Boulevard, Suite 2100
Columbia, MD 21045
Phone: +1 410 290-1411 x125
FAX: +1 410 953-0494
sshimko at tresys.com | www.tresys.com

> 
> Cheers,
> 
> Mark Steele, CISSP, CSM
> Bering Media Inc.
> Office: +1 (416) 583-5227
> Mobile: +1 (416) 888-1009
> 
> 
> 
> _______________________________________________
> Clip mailing list
> Clip at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/clip
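
One way to do the audit-log analysis suggested in the reply above, as an added example that is not part of the original message or of CLIP itself: it groups AVC denials into candidate allow rules and marks the ones that need a closer look before they go into policy. The sample log lines are constructed, and `REVIEW_PERMS` is an assumed, site-specific list of permissions to scrutinize.

```python
import re
from collections import defaultdict

# Matches the fields of an AVC denial record that matter for policy analysis.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)

# Assumption: permissions this site never grants without manual review.
REVIEW_PERMS = {"write", "append", "setattr", "relabelto", "relabelfrom",
                "execmem", "ptrace"}

# Constructed sample records (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1324049831.101:41): avc:  denied  { read } for  pid=2101 comm="ntpd" name="resolv.conf" dev=dm-0 ino=1311 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1324049831.102:42): avc:  denied  { open } for  pid=2101 comm="ntpd" name="resolv.conf" dev=dm-0 ino=1311 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1324049840.007:57): avc:  denied  { write } for  pid=2230 comm="sshd" name="shadow" dev=dm-0 ino=917 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1324049840.007:57): arch=c000003e syscall=2 success=no exit=-13 comm="sshd"
"""

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def collect_denials(log_text):
    """Merge denied permissions per (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (SYSCALL, PATH, ...) are skipped
            key = (se_type(m["src"]), se_type(m["tgt"]), m["cls"])
            grouped[key].update(m["perms"].split())
    return grouped

def candidate_rules(log_text):
    """Return (rule, needs_review) pairs; nothing here is applied to policy."""
    rules = []
    for (src, tgt, cls), perms in sorted(collect_denials(log_text).items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        rules.append((rule, bool(perms & REVIEW_PERMS)))
    return rules

if __name__ == "__main__":
    for rule, review in candidate_rules(SAMPLE_LOG):
        print(("REVIEW  " if review else "ok      ") + rule)
```

The output is a worklist, not a policy module: each flagged rule still has to be checked against the requirement sets before it is added.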


