rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
SELinux policy configuration
5,967 Commits 8 Branches 89 Tags 36 MiB
Shell 100%
Go to file
Zdenek Pytela 595a6449f5 * Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9 
- Allow varnish map its private tmp files
- Allow dovecot bind to smtp ports
- Change fetchmail temporary files path to /var/spool/mail
- Allow cups_pdf_t domain to communicate with unix_dgram_socket
- Set file context for symlinks in /etc/httpd to etc_t
- Allow rpmdb rw access to inherited console, ttys, and ptys
- Allow dnsmasq read public files
- Announce merging of selinux-policy and selinux-policy-contrib
- Label /etc/resolv.conf as net_conf_t only if it is a plain file
- Fix range for unreserved ports
- Add files_search_non_security_dirs() interface
- Introduce logging_syslogd_append_public_content tunable
- Add miscfiles_append_public_files() interface
 		2020-11-24 19:47:48 +01:00
tests test-reboot.yml: test.log is mandatory, improve results format 2020-08-27 07:49:02 +02:00
.gitignore Clean up .gitignore 2020-11-03 12:25:19 +01:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
README.md Remove trailing whitespaces 2020-10-12 10:49:45 +02:00
booleans-minimum.conf Remove ftp_home_dir boolean from distgit 2016-04-26 14:04:52 +02:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Change default value of use_virtualbox boolean 2019-09-16 16:08:14 +02:00
booleans.subs_dist subs virt_sandbox_use_nfs by virt_use_nfs 2016-07-16 17:52:41 +02:00
customizable_types * Mon Oct 17 2016 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-221 2016-10-17 20:52:01 +02:00
file_contexts.subs_dist Add /var/usrlocal equivalency rule 2019-10-31 16:50:38 -04:00
make-rhat-patches.sh make-rhat-patches: Use shallow clone 2020-10-12 06:38:28 +00:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Make active lsm module in MLS policy 2019-04-05 11:03:51 +02:00
modules-targeted-base.conf * Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-23 2020-08-03 13:25:54 +02:00
modules-targeted-contrib.conf * Tue Apr 16 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-12 2020-04-14 16:43:04 +02:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
rpm.macros Update rpm.macros file fomr the upstream repo 2019-11-05 17:50:20 +01:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9 2020-11-24 19:47:48 +01:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
sources * Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9 2020-11-24 19:47:48 +01:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00

README.md

Purpose

SELinux Fedora Policy is a large patch off the mainline. The fedora-selinux/selinux-policy makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.

Structure

github

On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)


$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

$ cd selinux-policy-contrib
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: master branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.

dist-git

Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.

Build process

  1. clone fedora-selinux/selinux-policy repository

     $ cd ~/devel/github
 $ git clone git@github.com:fedora-selinux/selinux-policy.git
 $ cd selinux-policy

  2. clone fedora-selinux/selinux-policy-contrib repository

     $ cd ~/devel/github
 $ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
 $ cd selinux-policy-contrib

  3. create, backport, cherry-pick needed changes to a particular branch and push them

  4. clone selinux-policy dist-git repository

     $ cd ~/devel/dist-git
 $ fedpkg clone selinux-policy
 $ cd selinux-policy

  5. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories

     $ ./make-rhat-patches.sh

  6. add changes to the dist-git repository, bump release, create a changelog entry, commit and push

  7. build the package

      $ fedpkg build