64a29f1839
-Add the corecmd_watch_bin_dirs() interface Resolves: rhbz#1965013 - Update rhcd policy Resolves: rhbz#1965013 - Allow rhcd search insights configuration directories Resolves: rhbz#1965013 - Add the kernel_read_proc_files() interface Resolves: rhbz#1965013 - Update insights_client_filetrans_named_content() Resolves: rhbz#2081425 - Allow transition to insights_client named content Resolves: rhbz#2081425 - Add the insights_client_filetrans_named_content() interface Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands 3 Resolves: rhbz#2081425 - Allow insights-client execute its private memfd: objects Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands 2 Resolves: rhbz#2081425 - Use insights_client_tmp_t instead of insights_client_var_tmp_t Resolves: rhbz#2081425 - Change space indentation to tab in insights-client Resolves: rhbz#2081425 - Use socket permissions sets in insights-client Resolves: rhbz#2081425 - Update policy for insights-client to run additional commands Resolves: rhbz#2081425 - Allow init_t to rw insights_client unnamed pipe Resolves: rhbz#2081425 - Fix insights client Resolves: rhbz#2081425 - Update kernel_read_unix_sysctls() for sysctl_net_unix_t handling Resolves: rhbz#2081425 - Do not let system_cronjob_t create redhat-access-insights.log with var_log_t Resolves: rhbz#2081425 - Allow stalld get scheduling policy of kernel threads Resolves: rhbz#2096776 - Update samba-dcerpcd policy for kerberos usage Resolves: rhbz#2096521 - Allow winbind_rpcd_t connect to self over a unix_stream_socket Resolves: rhbz#2096255 - Allow dlm_controld send a null signal to a cluster daemon Resolves: rhbz#2095884 - Allow dhclient manage pid files used by chronyd The chronyd_manage_pid_files() interface was added. - Resolves: rhbz#2094155 Allow install_t nnp_domtrans to setfiles_mac_t - Resolves: rhbz#2073010 - Allow rabbitmq to use systemd notify Resolves: rhbz#2056565 - Allow ksmctl create hardware state information files Resolves: rhbz#2021131 - Label /var/target with targetd_var_t Resolves: rhbz#2020169 - Allow targetclid read generic SSL certificates Resolves: rhbz#2020169 |
||
|---|---|---|
| tests | ||
| .gitignore | ||
| booleans-minimum.conf | ||
| booleans-mls.conf | ||
| booleans-targeted.conf | ||
| booleans.subs_dist | ||
| COPYING | ||
| customizable_types | ||
| file_contexts.subs_dist | ||
| gating.yaml | ||
| make-rhat-patches.sh | ||
| Makefile.devel | ||
| modules-minimum.conf | ||
| modules-mls-base.conf | ||
| modules-mls-contrib.conf | ||
| modules-targeted-base.conf | ||
| modules-targeted-contrib.conf | ||
| modules-targeted.conf | ||
| permissivedomains.cil | ||
| README.md | ||
| rpm.macros | ||
| securetty_types-minimum | ||
| securetty_types-mls | ||
| securetty_types-targeted | ||
| selinux-policy.conf | ||
| selinux-policy.spec | ||
| setrans-minimum.conf | ||
| setrans-mls.conf | ||
| setrans-targeted.conf | ||
| sources | ||
| users-minimum | ||
| users-mls | ||
| users-targeted | ||
Purpose
SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
Structure
GitHub
On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.
dist-git
Package sources in dist-git are composed from the selinux-policy repository snapshot tarball, container-selinux policy files snapshot, the macro-expander script snapshot, and from other config files.
Build process
-
Clone the fedora-selinux/selinux-policy repository.
$ cd ~/devel/github $ git clone git@github.com:fedora-selinux/selinux-policy.git $ cd selinux-policy -
Create, backport, or cherry-pick needed changes to a particular branch and push them.
-
Clone the selinux-policy dist-git repository.
$ cd ~/devel/dist-git $ fedpkg clone selinux-policy $ cd selinux-policy -
Download the latest snapshot from the selinux-policy GitHub repository.
$ ./make-rhat-patches.sh -
Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
-
Build the package.
$ fedpkg build