Policy

Features of RPMShield

Policy-based control of package installation actions

While existing package managers such as RPM allow a system administrator to examine package contents and installation scripts in detail, this is a cumbersome process and hence seldom undertaken. In contrast, our approach presents a convenient interface through which a system administrator can exert control over installation actions that impact system security or the operation of existing applications.

Notification of security relevant behavior of packages

Our tool conveniently notifies the user of any actions of the package manager that may affect system security and operability.

Operability with changes made outside of package managers

Our approach provides a convenient mechanism to control updates to manually edited files, files shared among multiple packages, or more generally, files installed outside the scope of the package manager.
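As an added illustration of the file-level check behind the three features above (this is example code, not RPMShield's own implementation or policy format), the following Python sketch classifies every file an upgrade would write as new, clean, locally modified, shared between packages, or created outside the package manager, applies a policy table to each class, and produces the notifications an administrator would see for anything other than a plain overwrite. The package database, on-disk contents and policy table are all constructed sample data.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed package database: package -> {path: digest recorded at install time}.
INSTALLED_DB = {
    "foo": {"/etc/foo.conf": digest(b"port=80\n"), "/usr/bin/foo": digest(b"foo-v1"),
            "/usr/lib/libshared.so": digest(b"lib-v1")},
    "bar": {"/usr/lib/libshared.so": digest(b"lib-v1")},
}

# Constructed on-disk contents (what is actually present when the upgrade runs).
DISK = {
    "/etc/foo.conf": b"port=8443\n",       # hand-edited by the administrator
    "/usr/bin/foo": b"foo-v1",             # untouched since installation
    "/usr/lib/libshared.so": b"lib-v1",    # owned by two packages
    "/etc/foo.d/local.conf": b"x=1\n",     # created outside the package manager
}

# Constructed policy: what the upgrade may do with each class of existing file.
POLICY = {"clean": "overwrite", "modified": "preserve", "shared": "ask", "unowned": "preserve"}

def owners(path):
    return [pkg for pkg, files in INSTALLED_DB.items() if path in files]

def classify(pkg, path):
    """Class of a file relative to the package being upgraded."""
    if path not in DISK:
        return "new"
    who = owners(path)
    if not who:
        return "unowned"
    if len(who) > 1 or pkg not in who:
        return "shared"          # another package also claims this path
    if digest(DISK[path]) != INSTALLED_DB[pkg][path]:
        return "modified"        # changed since the package manager wrote it
    return "clean"

def plan_upgrade(pkg, new_files, policy=POLICY):
    """Map each path the new package wants to write to (class, policy action)."""
    plan = {}
    for path in new_files:
        cls = classify(pkg, path)
        plan[path] = (cls, "overwrite" if cls == "new" else policy[cls])
    return plan

def notifications(plan):
    """Everything that is not a plain overwrite is reported to the administrator."""
    return [f"{p}: {c} file, action={a}" for p, (c, a) in plan.items() if a != "overwrite"]

if __name__ == "__main__":
    files = ["/etc/foo.conf", "/usr/bin/foo", "/usr/lib/libshared.so",
             "/etc/foo.d/local.conf", "/usr/bin/foo-helper"]
    print("\n".join(notifications(plan_upgrade("foo", files))))
```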

Normal-user installation of packages

Individual users often want to install packages that are of interest only to themselves. Since all RPM installation actions require super-user privilege, normal users are unable to install such packages for themselves. Our approach can support this capability through the use of security policies that limit installation actions so that the changes are restricted to a specific user directory. (This feature is still under testing and is not shipped with the current release, 0.9.)

Tolerance to failures

Existing package managers offer poor support for reverting to the original system configuration when an installation or upgrade fails. Our automatic recovery mechanism reverts the system to its original (consistent) state.