SELinux policy configuration
Juraj Marcin 4715f116ff * Tue Nov 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.27-1
- Remove glusterd module
Resolves: RHEL-1548
- Improve default file context(None) of /var/lib/authselect/backups
Resolves: RHEL-15220
- Set default file context of /var/lib/authselect/backups to <<none>>
Resolves: RHEL-15220
- Create policy for afterburn
Resolves: RHEL-12591
- Allow unconfined_domain_type use io_uring cmd on domain
Resolves: RHEL-11792
- Add policy for coreos installer
Resolves: RHEL-5164
- Add policy for nvme-stas
Resolves: RHEL-1557
- Label /var/run/auditd.state as auditd_var_run_t
Resolves: RHEL-14374
- Allow ntp to bind and connect to ntske port.
Resolves: RHEL-15085
- Allow ip an explicit domain transition to other domains
Resolves: RHEL-14246
- Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
Resolves: RHEL-14289
- Allow sssd domain transition on passkey_child execution conditionally
Resolves: RHEL-14014
- Allow sssd use usb devices conditionally
Resolves: RHEL-14014
- Allow kdump create and use its memfd: objects
Resolves: RHEL-14413
2023-11-14 20:51:42 +01:00
.fmf run relevant Tier1 tests via TMT 2023-11-02 14:05:24 +01:00
plans fix the sequence of script commands 2023-11-09 08:08:39 +01:00
tests run relevant Tier1 tests via TMT 2023-11-02 14:05:24 +01:00
.gitignore Merged update from upstream sources 2020-11-06 00:43:32 +00:00
booleans-minimum.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
booleans-mls.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
booleans-targeted.conf Change the selinuxuser_execstack boolean value to true 2022-04-07 12:24:08 +02:00
booleans.subs_dist RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
COPYING RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
customizable_types RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
file_contexts.subs_dist Define equivalency for /run/systemd/generator.early 2023-07-21 16:31:26 +02:00
gating.yaml gating.yaml: add missing '}' 2021-07-07 10:46:03 +02:00
ifndefy.py Add a script for enclosing interfaces in ifndef statements 2022-11-21 15:55:02 +01:00
make-rhat-patches.sh Update source branches to build a new package for RHEL 9.4.0 2023-09-29 20:20:48 +02:00
Makefile.devel RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
modules-minimum.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
modules-mls-base.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
modules-mls-contrib.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
modules-targeted-base.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
modules-targeted-contrib.conf Remove glusterd from modules-targeted-*.conf 2023-11-14 20:51:42 +01:00
modules-targeted.conf Remove glusterd from modules-targeted-*.conf 2023-11-14 20:51:42 +01:00
permissivedomains.cil RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
README.md Merged update from upstream sources 2020-12-17 03:03:39 +00:00
rpm.macros RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
securetty_types-minimum RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
securetty_types-mls RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
securetty_types-targeted RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
selinux-check-proper-disable.service Add a systemd service to check that SELinux is disabled properly 2022-11-21 15:54:31 +01:00
selinux-policy.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
selinux-policy.spec * Tue Nov 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.27-1 2023-11-14 20:51:42 +01:00
setrans-minimum.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
setrans-mls.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
setrans-targeted.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 09:28:03 -07:00
sources * Tue Nov 14 2023 Juraj Marcin <jmarcin@redhat.com> - 38.1.27-1 2023-11-14 20:51:42 +01:00
users-minimum Users have to be generated in policy/users to make 3.4 userspace happy 2022-05-11 20:41:36 +02:00
users-mls Users have to be generated in policy/users to make 3.4 userspace happy 2022-05-11 20:41:36 +02:00
users-targeted Users have to be generated in policy/users to make 3.4 userspace happy 2022-05-11 20:41:36 +02:00

Purpose

SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.

Structure

GitHub

On GitHub, we have one repository containing the policy sources.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.

dist-git

Package sources in dist-git are composed of a snapshot tarball of the selinux-policy repository, a snapshot of the container-selinux policy files, a snapshot of the macro-expander script, and other config files.

Build process

  1. Clone the fedora-selinux/selinux-policy repository.

     $ cd ~/devel/github
     $ git clone git@github.com:fedora-selinux/selinux-policy.git
     $ cd selinux-policy
    
  2. Create, backport, or cherry-pick needed changes to a particular branch and push them.

  3. Clone the selinux-policy dist-git repository.

     $ cd ~/devel/dist-git
     $ fedpkg clone selinux-policy
     $ cd selinux-policy
    
  4. Download the latest snapshot from the selinux-policy GitHub repository.

     $ ./make-rhat-patches.sh
    
  5. Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.

  6. Build the package.

     $ fedpkg build