fccb378e9b
- Use the networkmanager_dispatcher_plugin attribute in allow rules - Make a custom nm-dispatcher plugin transition - Label port 4784/tcp and 4784/udp with bfd_multi - Allow systemd watch and watch_reads user ptys - Allow sblim-gatherd the kill capability - Label more vdsm utils with virtd_exec_t - Add ksm service to ksmtuned - Add rhcd policy - Dontaudit guest attempts to dbus chat with systemd domains - Dontaudit guest attempts to dbus chat with system bus types - Use a named transition in systemd_hwdb_manage_config() - Add default fc specifications for patterns in /opt - Add the files_create_etc_files() interface - Allow nm-dispatcher console plugin create and write files in /etc - Allow nm-dispatcher console plugin transition to the setfiles domain - Allow more nm-dispatcher plugins append to init stream sockets - Allow nm-dispatcher tlp plugin dbus chat with nm - Reorder networkmanager_dispatcher_plugin_template() calls - Allow svirt connectto virtlogd - Allow blueman map its private memfd: files - Allow sysadm user execute init scripts with a transition - Allow sblim-sfcbd connect to sblim-reposd stream - Allow keepalived_unconfined_script_t dbus chat with init - Run restorecon with "-i" not to report errors |
||
---|---|---|
tests | ||
.gitignore | ||
booleans-minimum.conf | ||
booleans-mls.conf | ||
booleans-targeted.conf | ||
booleans.subs_dist | ||
COPYING | ||
customizable_types | ||
file_contexts.subs_dist | ||
make-rhat-patches.sh | ||
Makefile.devel | ||
modules-minimum.conf | ||
modules-mls-base.conf | ||
modules-mls-contrib.conf | ||
modules-targeted-base.conf | ||
modules-targeted-contrib.conf | ||
modules-targeted.conf | ||
permissivedomains.cil | ||
README.md | ||
rpm.macros | ||
securetty_types-minimum | ||
securetty_types-mls | ||
securetty_types-targeted | ||
selinux-check-proper-disable.service | ||
selinux-policy.conf | ||
selinux-policy.spec | ||
setrans-minimum.conf | ||
setrans-mls.conf | ||
setrans-targeted.conf | ||
sources | ||
users-minimum | ||
users-mls | ||
users-targeted |
Purpose
SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
Structure
GitHub
On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.
dist-git
Package sources in dist-git are composed from the selinux-policy repository snapshot tarball, container-selinux policy files snapshot, the macro-expander script snapshot, and from other config files.
Build process
-
Clone the fedora-selinux/selinux-policy repository.
$ cd ~/devel/github $ git clone git@github.com:fedora-selinux/selinux-policy.git $ cd selinux-policy
-
Create, backport, or cherry-pick needed changes to a particular branch and push them.
-
Clone the selinux-policy dist-git repository.
$ cd ~/devel/dist-git $ fedpkg clone selinux-policy $ cd selinux-policy
-
Download the latest snapshot from the selinux-policy GitHub repository.
$ ./make-rhat-patches.sh
-
Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
-
Build the package.
$ fedpkg build