SELinux policy configuration
edd3ad31f7
- Add the files_getattr_non_auth_dirs() interface Resolves: rhbz#2076937 - Update policy for the sblim-sfcb service Resolves: rhbz#2076937 - Dontaudit sfcbd sys_ptrace cap_userns Resolves: rhbz#2076937 - Label /usr/sbin/sos with sosreport_exec_t Resolves: rhbz#2167731 - Allow sa-update manage spamc home files Resolves: rhbz#2222200 - Allow sa-update connect to systemlog services Resolves: rhbz#2222200 - Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t Resolves: rhbz#2222200 |
||
---|---|---|
.fmf | ||
plans | ||
.gitignore | ||
booleans-minimum.conf | ||
booleans-mls.conf | ||
booleans-targeted.conf | ||
booleans.subs_dist | ||
COPYING | ||
customizable_types | ||
file_contexts.subs_dist | ||
gating.yaml | ||
make-rhat-patches.sh | ||
Makefile | ||
Makefile.devel | ||
modules-minimum.conf | ||
modules-mls-base.conf | ||
modules-mls-contrib.conf | ||
modules-targeted-base.conf | ||
modules-targeted-contrib.conf | ||
modules-targeted.conf | ||
permissivedomains.cil | ||
README | ||
rpm.macros | ||
securetty_types-minimum | ||
securetty_types-mls | ||
securetty_types-targeted | ||
selinux-factory-reset | ||
selinux-factory-reset@.service | ||
selinux-policy.conf | ||
selinux-policy.spec | ||
setrans-minimum.conf | ||
setrans-mls.conf | ||
setrans-targeted.conf | ||
seusers | ||
sources | ||
users-minimum | ||
users-mls | ||
users-targeted |
## Build process 1. clone [SELinux/selinux-policy](https://gitlab.cee.redhat.com/SELinux/selinux-policy) repository $ cd ~/devel/github $ git clone git@gitlab.cee.redhat.com:SELinux/selinux-policy.git $ cd selinux-policy 2. create, backport, cherry-pick needed changes to a particular branch and push them 3. clone **selinux-policy** dist-git repository $ cd ~/devel/dist-git $ rhpkg clone selinux-policy $ cd selinux-policy 4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories $ ./make-rhat-patches.sh 5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push 6. build the package $ rhpkg build