SELinux policy configuration
Zdenek Pytela 767de9739d * Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.3-1
- Allow svirt read virtqemud fifo files
Resolves: RHEL-104069
- Allow virtqemud handle virt_content_t chr files
Resolves: RHEL-76104
- Allow "hostapd_cli ping" run as a systemd service
Resolves: RHEL-77047
- Allow sblim-sfcbd the dac_read_search capability
Resolves: RHEL-98287
- Allow sblim domain read systemd session files
Resolves: RHEL-98287
- Allow sblim-sfcbd execute dnsdomainname
Resolves: RHEL-98287
- Allow systemd-importd create and unlink init pid socket
Resolves: RHEL-98490
2025-07-18 19:29:08 +02:00
.fmf Add plans/tests.fmf 2023-10-11 13:27:51 +02:00
plans Revert "Add selinux-policy-epel test plan" 2025-05-21 10:03:23 +02:00
tests Revert "Add selinux-policy-epel test plan" 2025-05-21 10:03:23 +02:00
.gitignore * Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1 2024-02-12 12:26:33 +01:00
changelog * Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.3-1 2025-07-18 19:29:08 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
gating.yaml Drop baseos-ci gating 2024-05-21 11:09:54 +02:00
ifndefy.py Add a script for enclosing interfaces in ifndef statements 2022-06-29 18:34:21 +00:00
make-rhat-patches.sh Revert "Make make-rhat-patches.sh selinux-policy-epel aware" 2025-05-21 10:03:23 +02:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
modules-dropped.lst * Mon Jul 14 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.1-1 2025-07-14 17:07:34 +02:00
modules-extra.lst * Wed Jul 16 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.2-1 2025-07-16 17:05:53 +02:00
modules-minimum.lst Merge -base and -contrib 2024-11-14 17:16:04 +01:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
process-modules-filtered.py Build selinux-policy-extra 2025-05-21 10:03:16 +02:00
README.md Fix typos and grammar in README 2020-12-02 09:41:43 +01:00
rpm.macros Add selinux_requires_min macro 2025-02-17 14:29:07 +01:00
selinux-check-proper-disable.service Add a systemd service to check that SELinux is disabled properly 2021-06-22 09:38:56 +00:00
selinux-policy-mls.conf Protect the targeted and mls subpackages 2024-11-14 17:14:03 +01:00
selinux-policy-targeted.conf Protect the targeted and mls subpackages 2024-11-14 17:14:03 +01:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.3-1 2025-07-18 19:29:08 +02:00
sources * Fri Jul 18 2025 Zdenek Pytela <zpytela@redhat.com> - 42.1.3-1 2025-07-18 19:29:08 +02:00
varrun-convert.sh varrun-convert.sh: Backport changes from Rawhide 2024-11-14 17:14:03 +01:00

Purpose

SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.

Structure

GitHub

On GitHub, we have one repository containing the policy sources.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.

dist-git

Package sources in dist-git are composed of a snapshot tarball of the selinux-policy repository, a snapshot of the container-selinux policy files, a snapshot of the macro-expander script, and other config files.

Build process

  1. Clone the fedora-selinux/selinux-policy repository.

     $ cd ~/devel/github
     $ git clone git@github.com:fedora-selinux/selinux-policy.git
     $ cd selinux-policy
    
  2. Create, backport, or cherry-pick needed changes to a particular branch and push them.

  3. Clone the selinux-policy dist-git repository.

     $ cd ~/devel/dist-git
     $ fedpkg clone selinux-policy
     $ cd selinux-policy
    
  4. Download the latest snapshot from the selinux-policy GitHub repository.

     $ ./make-rhat-patches.sh
    
  5. Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.

  6. Build the package.

     $ fedpkg build