diff --git a/www/html/index.html b/www/html/index.html index 6584c0b01..a10533708 100644 --- a/www/html/index.html +++ b/www/html/index.html @@ -14,12 +14,16 @@ Refpolicy is under active development, with support and full time development staff from Tresys Technology. The current release is available from the download page. The status page has more details on -what is included in the current release. This project always looking for policy -developers interested in contributing. +what is included in the current release. +

+
+

+The project is always looking for policy developers interested in contributing. +See the getting started guide for +more information on writing Refpolicy modules.


Project Goals

-

Security

Security is the reason for existence for SELinux policies and must, therefore, always be the first priority. The common view of security as a binary state (secure or not secure) is not a sufficient goal for developing an SELinux @@ -30,12 +34,45 @@ functionality, of another. The challenge for a system policies like the current strict and targeted policy or refpolicy is to support as many of these differring security goals as is practical. To accomplish this refpolicy will provide:

- -

Usability and Documentation

-

-The difficulty and complexity of creating SELinux policies has become the number -one barrier to the adoption of SELinux. It also potentially reduces the security -of the policies: a policy that is too complex to easily understand is difficult -to make secure. Refpolicy aims to make aggressive improvements in this area, -making policies easier to develop, understand, and analyze. This will be -addressed through improved structuring and organization, the addition of -modularity and abstraction, and documentation. See -getting started and -documentation for more information. -

-

Flexibility and Configuration

-

-Refpolicy aims to support a variety of policy configurations and formats, -including standard source policies, MLS policies, and -loadable policy modules -all from the same source tree. This is done through the addition of -infrastructure for automatically handling the differences between source and -loadable module based policies and the additional MLS fields to all policy -statements that include contexts. -

-