rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity
SELinux policy configuration
5,885 Commits 11 Branches 139 Tags 35 MiB
Shell 100%
b4683c29a5
Go to file
Lukas Vrabec b4683c29a5
* Wed Oct 09 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-7 
- Revert "nova.fc: fix duplicated slash"
- Introduce new bolean httpd_use_opencryptoki
- Add new interface apache_read_state()
- Allow setroubleshoot_fixit_t to read random_device_t
- Label /etc/named direcotory as named_conf_t BZ(1759495)
- nova.fc: fix duplicated slash
- Allow dkim to execute sendmail
- Update virt_read_content interface to allow caller domain mmap virt_content_t block devices and files
- Update aide_t domain to allow this tool to analyze also /dev filesystem
- Update interface modutils_read_module_deps to allow caller domain also mmap modules_dep_t files BZ(1758634)
- Allow avahi_t to send msg to xdm_t
- Allow systemd_logind to read dosfs files & dirs Allow systemd-logind - a system service that manages user logins, to read files and list dirs on a DOS filesystem
- Update dev_manage_sysfs() to support managing also lnk files BZ(1759019)
- Allow systemd_logind_t domain to read blk_files in domain removable_device_t
- Add new interface udev_getattr_rules_chr_files()
2019-10-09 13:13:38 +02:00
tests Fix OSCI gating. 2019-04-12 22:29:26 +02:00
.gitignore * Wed Oct 09 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-7 2019-10-09 13:13:38 +02:00
booleans-minimum.conf Remove ftp_home_dir boolean from distgit 2016-04-26 14:04:52 +02:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Change default value of use_virtualbox boolean 2019-09-16 16:08:14 +02:00
booleans.subs_dist subs virt_sandbox_use_nfs by virt_use_nfs 2016-07-16 17:52:41 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types * Mon Oct 17 2016 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-221 2016-10-17 20:52:01 +02:00
file_contexts.subs_dist Drop /var/home -> /home equivalency rule 2019-02-06 10:53:08 -05:00
make-rhat-patches.sh Make macro-expander script executable 2019-07-06 16:59:57 +02:00
Makefile * Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310 2018-01-08 12:28:09 +01:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Make active lsm module in MLS policy 2019-04-05 11:03:51 +02:00
modules-targeted-base.conf Activate kdbus.pp 2015-08-03 17:47:45 +02:00
modules-targeted-contrib.conf Make ipa_custodia policy active 2019-09-20 14:58:18 +02:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
README Add README file with build process of selinux-policy rpm package 2018-08-25 00:09:29 +02:00
rpm.macros * Wed Aug 07 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-29 2019-08-07 17:38:17 +02:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-factory-reset Do a factory reset when there's no policy.kern file in a store 2016-09-15 13:51:31 +02:00
selinux-factory-reset@.service Do a factory reset when there's no policy.kern file in a store 2016-09-15 13:51:31 +02:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Wed Oct 09 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-7 2019-10-09 13:13:38 +02:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
seusers - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
sources * Wed Oct 09 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.5-7 2019-10-09 13:13:38 +02:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00

README 

## Purpose

SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.

## Structure

### github
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.

    $ cd selinux-policy
    $ git remote -v
    origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)


    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
    origin/f28
    origin/master
    origin/rawhide

    $ cd selinux-policy-contrib
    $ git remote -v 
    origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)

    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
    origin/f28
    origin/master
    origin/rawhide

Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.

### dist-git
Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.

## Build process

1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
	
		$ cd ~/devel/github
		$ git clone git@github.com:fedora-selinux/selinux-policy.git
		$ cd selinux-policy

2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
	
		$ cd ~/devel/github
		$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
		$ cd selinux-policy-contrib

3. create, backport, cherry-pick needed changes to a particular branch and push them

4. clone **selinux-policy** dist-git repository

		$ cd ~/devel/dist-git
		$ fedpkg clone selinux-policy 
		$ cd selinux-policy

4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories

        $ ./make-rhat-patches.sh

5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
6. build the package
	
         $ fedpkg build