rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
SELinux policy configuration
5,966 Commits 8 Branches 96 Tags 37 MiB
Shell 100%
05fb517c90
Go to file
Zdenek Pytela 05fb517c90 * Fri Nov 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-8 
- Set correct default file context for /usr/libexec/pcp/lib/*
- Introduce rpmdb_t type
- Allow slapd manage files/dirs in ldap certificates directory
- Revert "Allow certmonger add new entries in a generic certificates directory"
- Allow certmonger add new entries in a generic certificates directory
- Allow slapd add new entries in ldap certificates directory
- Remove retired PCP pmwebd and pmmgr daemons (since 5.0)
- Let keepalived bind a raw socket
- Add default file context for /usr/libexec/pcp/lib/*
- squid: Allow net_raw capability when squid_use_tproxy is enabled
- systemd: allow networkd to check namespaces
- Add ability to read init_var_run_t where fs_read_efivarfs_files is allowed
- Allow resolved to created varlink sockets and the domain to talk to it
- selinux: tweak selinux_get_enforce_mode() to allow status page to be used
- systemd: allow all systemd services to check selinux status
- Set default file context for /var/lib/ipsec/nss
- Allow user domains transition to rpmdb_t
- Revert "Add miscfiles_add_entry_generic_cert_dirs() interface"
- Revert "Add miscfiles_create_generic_cert_dirs() interface"
- Update miscfiles_manage_all_certs() to include managing directories
- Add miscfiles_create_generic_cert_dirs() interface
- Add miscfiles_add_entry_generic_cert_dirs() interface
- Revert "Label /var/run/zincati/public/motd.d/* as motd_var_run_t"
2020-11-13 10:13:13 +01:00
tests test-reboot.yml: test.log is mandatory, improve results format 2020-08-27 07:49:02 +02:00
.gitignore Clean up .gitignore 2020-11-03 12:25:19 +01:00
booleans-minimum.conf Remove ftp_home_dir boolean from distgit 2016-04-26 14:04:52 +02:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Change default value of use_virtualbox boolean 2019-09-16 16:08:14 +02:00
booleans.subs_dist subs virt_sandbox_use_nfs by virt_use_nfs 2016-07-16 17:52:41 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types * Mon Oct 17 2016 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-221 2016-10-17 20:52:01 +02:00
file_contexts.subs_dist Add /var/usrlocal equivalency rule 2019-10-31 16:50:38 -04:00
make-rhat-patches.sh make-rhat-patches: Use shallow clone 2020-10-12 06:38:28 +00:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Make active lsm module in MLS policy 2019-04-05 11:03:51 +02:00
modules-targeted-base.conf * Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-23 2020-08-03 13:25:54 +02:00
modules-targeted-contrib.conf * Tue Apr 16 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-12 2020-04-14 16:43:04 +02:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
README.md Remove trailing whitespaces 2020-10-12 10:49:45 +02:00
rpm.macros Update rpm.macros file fomr the upstream repo 2019-11-05 17:50:20 +01:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Fri Nov 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-8 2020-11-13 10:13:13 +01:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
sources * Fri Nov 13 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-8 2020-11-13 10:13:13 +01:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00

README.md

Purpose

SELinux Fedora Policy is a large patch off the mainline. The fedora-selinux/selinux-policy makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.

Structure

github

On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)


$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

$ cd selinux-policy-contrib
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: master branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.

dist-git

Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.

Build process

  1. clone fedora-selinux/selinux-policy repository

     $ cd ~/devel/github
 $ git clone git@github.com:fedora-selinux/selinux-policy.git
 $ cd selinux-policy

  2. clone fedora-selinux/selinux-policy-contrib repository

     $ cd ~/devel/github
 $ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
 $ cd selinux-policy-contrib

  3. create, backport, cherry-pick needed changes to a particular branch and push them

  4. clone selinux-policy dist-git repository

     $ cd ~/devel/dist-git
 $ fedpkg clone selinux-policy
 $ cd selinux-policy

  5. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories

     $ ./make-rhat-patches.sh

  6. add changes to the dist-git repository, bump release, create a changelog entry, commit and push

  7. build the package

      $ fedpkg build