f5b3d7b772
- Add the swtpm.if interface file for interactions with other domains
Resolves: RHEL-47274
- Allow virtproxyd create and use its private tmp files
Resolves: RHEL-40499
- Allow virtproxyd read network state
Resolves: RHEL-40499
- Allow virtqemud domain transition on swtpm execution
Resolves: RHEL-47274
Resolves: RHEL-49763
- Allow virtqemud relabel virt_var_run_t directories
Resolves: RHEL-47274
Resolves: RHEL-45464
Resolves: RHEL-49763
- Allow virtqemud domain transition on passt execution
Resolves: RHEL-45464
- Allow virt_driver_domain create and use log files in /var/log
Resolves: RHEL-40239
- Allow virt_driver_domain connect to systemd-userdbd over a unix socket
Resolves: RHEL-44932
Resolves: RHEL-44898
- Update stalld policy for bpf usage
Resolves: RHEL-50356
- Allow boothd connect to systemd-userdbd over a unix socket
Resolves: RHEL-45907
- Allow linuxptp configure phc2sys and chronyd over a unix domain socket
Resolves: RHEL-46011
- Allow systemd-machined manage runtime sockets
Resolves: RHEL-49567
- Allow ip command write to ipsec's logs
Resolves: RHEL-41222
- Allow init_t nnp domain transition to firewalld_t
Resolves: RHEL-52481
- Update qatlib policy for v24.02 with new features
Resolves: RHEL-50377
- Allow postfix_domain map postfix_etc_t files
Resolves: RHEL-46327
.fmf
plans
tests
.gitignore
booleans-minimum.conf
booleans-mls.conf
booleans-targeted.conf
booleans.subs_dist
COPYING
customizable_types
file_contexts.subs_dist
gating.yaml
ifndefy.py
make-rhat-patches.sh
Makefile.devel
modules-minimum.conf
modules-mls-base.conf
modules-mls-contrib.conf
modules-targeted-base.conf
modules-targeted-contrib.conf
modules-targeted.conf
permissivedomains.cil
README.md
rpm.macros
securetty_types-minimum
securetty_types-mls
securetty_types-targeted
selinux-check-proper-disable.service
selinux-policy.conf
selinux-policy.spec
setrans-minimum.conf
setrans-mls.conf
setrans-targeted.conf
sources
users-minimum
users-mls
users-targeted
varrun-convert.sh
Purpose
SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
Structure
GitHub
On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.
dist-git
Package sources in dist-git are composed of a snapshot tarball of the selinux-policy repository, a snapshot of the container-selinux policy files, a snapshot of the macro-expander script, and other config files.
Build process
- Clone the fedora-selinux/selinux-policy repository.
  $ cd ~/devel/github
  $ git clone git@github.com:fedora-selinux/selinux-policy.git
  $ cd selinux-policy
- Create, backport, or cherry-pick needed changes to a particular branch and push them.
- Clone the selinux-policy dist-git repository.
  $ cd ~/devel/dist-git
  $ fedpkg clone selinux-policy
  $ cd selinux-policy
- Download the latest snapshot from the selinux-policy GitHub repository.
  $ ./make-rhat-patches.sh
- Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
- Build the package.
  $ fedpkg build
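A check that could run on the changelog entry before the commit in the "create a changelog entry, commit, and push" step, written here as an added example (not part of the repository or its README). It assumes the convention visible in the commit message at the top of this page, where every "- " item is followed by at least one "Resolves: RHEL-<number>" line; the function names check_changelog and sample_entry are hypothetical.

```shell
#!/bin/sh
# Added example: lint one changelog entry so that every policy change
# can be traced to a ticket before it is committed and built.
# Assumption: each "- " item needs one or more "Resolves: RHEL-<n>" lines.

# check_changelog reads a changelog entry on stdin, prints one line per
# problem found, and returns 1 if there was any problem, 0 otherwise.
check_changelog() {
    awk '
        # Report the item collected so far if it has no ticket reference.
        function close_item() {
            if (item != "" && refs == 0) {
                print "missing Resolves: " item
                bad++
            }
        }
        /^- / { close_item(); item = substr($0, 3); refs = 0; next }
        /^Resolves: RHEL-[0-9]+$/ {
            if (item != "") refs++
            else { print "orphan reference: " $0; bad++ }
            next
        }
        /^[ \t]*$/ { next }                      # blank lines are allowed
        { print "unexpected line: " $0; bad++ }  # anything else is flagged
        END { close_item(); exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample: two items copied from the commit message shown on
# this page, plus one constructed item that lacks a ticket reference.
sample_entry() {
    cat <<'EOF'
- Allow virtqemud domain transition on swtpm execution
Resolves: RHEL-47274
Resolves: RHEL-49763
- Allow virtproxyd read network state
Resolves: RHEL-40499
- Allow example_t read example files (constructed)
EOF
}

sample_entry | check_changelog || echo "changelog entry rejected"
```

The function reads from standard input, so the text of a real entry can be piped into it in place of sample_entry.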