SELinux policy configuration
Go to file
Petr Šplíchal 58a31e207a
Remove explicit requires from tests.yml
Requires are now handled by Standard Test Roles based on the
individual test metadata so there is no need to list them here.
2019-11-04 14:01:50 +01:00
tests Remove explicit requires from tests.yml 2019-11-04 14:01:50 +01:00
.gitignore * Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12 2019-11-03 12:59:34 +01:00
booleans-minimum.conf Remove ftp_home_dir boolean from distgit 2016-04-26 14:04:52 +02:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Change default value of use_virtualbox boolean 2019-09-16 16:08:14 +02:00
booleans.subs_dist subs virt_sandbox_use_nfs by virt_use_nfs 2016-07-16 17:52:41 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types * Mon Oct 17 2016 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-221 2016-10-17 20:52:01 +02:00
file_contexts.subs_dist Add /var/usrlocal equivalency rule 2019-10-31 16:50:38 -04:00
make-rhat-patches.sh Make macro-expander script executable 2019-07-06 16:59:57 +02:00
Makefile * Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310 2018-01-08 12:28:09 +01:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Make active lsm module in MLS policy 2019-04-05 11:03:51 +02:00
modules-targeted-base.conf Activate kdbus.pp 2015-08-03 17:47:45 +02:00
modules-targeted-contrib.conf Make ipa_custodia policy active 2019-09-20 14:58:18 +02:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
README Add README file with build process of selinux-policy rpm package 2018-08-25 00:09:29 +02:00
rpm.macros Update selinux-policy macros from upstream repo 2019-11-03 15:00:33 +01:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-factory-reset Do a factory reset when there's no policy.kern file in a store 2016-09-15 13:51:31 +02:00
selinux-factory-reset@.service Do a factory reset when there's no policy.kern file in a store 2016-09-15 13:51:31 +02:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12 2019-11-03 12:59:34 +01:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
seusers - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
sources * Sun Nov 03 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-12 2019-11-03 12:59:34 +01:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00

## Purpose

SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.

## Structure

### github
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.

    $ cd selinux-policy
    $ git remote -v
    origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)


    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
    origin/f28
    origin/master
    origin/rawhide

    $ cd selinux-policy-contrib
    $ git remote -v 
    origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)

    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
    origin/f28
    origin/master
    origin/rawhide

Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.

### dist-git
Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.

## Build process

1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
	
		$ cd ~/devel/github
		$ git clone git@github.com:fedora-selinux/selinux-policy.git
		$ cd selinux-policy

2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
	
		$ cd ~/devel/github
		$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
		$ cd selinux-policy-contrib

3. create, backport, cherry-pick needed changes to a particular branch and push them

4. clone **selinux-policy** dist-git repository

		$ cd ~/devel/dist-git
		$ fedpkg clone selinux-policy 
		$ cd selinux-policy

4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories

        $ ./make-rhat-patches.sh

5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
6. build the package
	
         $ fedpkg build