d246bfd939
- Allow qatlib search the content of the kernel debugging filesystem Resolves: RHEL-66334 - Allow qatlib connect to systemd-machined over a unix socket Resolves: RHEL-66334 - Update policy for samba-bgqd Resolves: RHEL-64908 - Allow httpd get attributes of dirsrv unit files Resolves: RHEL-62706 - Allow virtstoraged read vm sysctls Resolves: RHEL-61742 - Allow virtstoraged execute mount programs in the mount domain Resolves: RHEL-61742 - Update policy for rpc-virtstorage Resolves: RHEL-61742 - Allow virtstoraged get attributes of configfs dirs Resolves: RHEL-61742 - Allow virt_driver_domain read virtd-lxc files in /proc Resolves: RHEL-61742 - Allow virtstoraged manage files with virt_content_t type Resolves: RHEL-61742 - Allow virtstoraged use the io_uring API Resolves: RHEL-61742 - Allow virtstoraged execute lvm programs in the lvm domain Resolves: RHEL-61742 - Allow svirt_t connect to unconfined_t over a unix domain socket Resolves: RHEL-61246 - Label /usr/lib/node_modules_22/npm/bin with bin_t Resolves: RHEL-56350 - Allow bacula execute container in the container domain Resolves: RHEL-39529 - Label /run/systemd/generator with systemd_unit_file_t Resolves: RHEL-68313 |
||
|---|---|---|
| .fmf | ||
| plans | ||
| tests | ||
| .gitignore | ||
| changelog | ||
| COPYING | ||
| gating.yaml | ||
| ifndefy.py | ||
| make-rhat-patches.sh | ||
| Makefile.devel | ||
| modules-minimum.lst | ||
| permissivedomains.cil | ||
| README.md | ||
| rpm.macros | ||
| selinux-check-proper-disable.service | ||
| selinux-policy-mls.conf | ||
| selinux-policy-targeted.conf | ||
| selinux-policy.conf | ||
| selinux-policy.spec | ||
| sources | ||
| varrun-convert.sh | ||
Purpose
SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
Structure
GitHub
On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.
dist-git
Package sources in dist-git are composed from the selinux-policy repository snapshot tarball, container-selinux policy files snapshot, the macro-expander script snapshot, and from other config files.
Build process
-
Clone the fedora-selinux/selinux-policy repository.
$ cd ~/devel/github $ git clone git@github.com:fedora-selinux/selinux-policy.git $ cd selinux-policy -
Create, backport, or cherry-pick needed changes to a particular branch and push them.
-
Clone the selinux-policy dist-git repository.
$ cd ~/devel/dist-git $ fedpkg clone selinux-policy $ cd selinux-policy -
Download the latest snapshot from the selinux-policy GitHub repository.
$ ./make-rhat-patches.sh -
Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
-
Build the package.
$ fedpkg build