rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
SELinux policy configuration
6,157 Commits 9 Branches 105 Tags 34 MiB
Shell 100%
imports/c10s/selinux-policy-40.13.10-1.el10
Go to file
Zdenek Pytela b9f20bbf55 * Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1 
- Confine gnome-remote-desktop
Resolves: RHEL-35877
- Allow virtqemud get attributes of a tmpfs filesystem
Resolves: RHEL-40855
- Allow virtqemud get attributes of cifs files
Resolves: RHEL-40855
- Allow virtqemud get attributes of filesystems with extended attributes
Resolves: RHEL-39668
- Allow virtqemud get attributes of NFS filesystems
Resolves: RHEL-40855
- Add support for secretmem anon inode
Resolves: RHEL-40953
- Allow systemd-sleep read raw disk data
Resolves: RHEL-49600
- Allow systemd-hwdb send messages to kernel unix datagram sockets
Resolves: RHEL-50810
- Label /run/modprobe.d with modules_conf_t
Resolves: RHEL-54591
- Allow setsebool_t relabel selinux data files
Resolves: RHEL-55412
- Don't audit crontab_domain write attempts to user home
Resolves: RHEL-56349
- Differentiate between staff and sysadm when executing crontab with sudo
Resolves: RHEL-56349
- Add crontab_admin_domtrans interface
Resolves: RHEL-56349
- Add crontab_domtrans interface
Resolves: RHEL-56349
- Allow boothd connect to kernel over a unix socket
Resolves: RHEL-58060
- Fix label of pseudoterminals created from sudodomain
Resolves: RHEL-58068
- systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
Resolves: RHEL-58072
- Allow rsyslog read systemd-logind session files
Resolves: RHEL-40961
- Label /dev/mmcblk0rpmb character device with removable_device_t
Resolves: RHEL-55265
- Label /dev/hfi1_[0-9]+ devices
Resolves: RHEL-62836
- Label /dev/papr-sysparm and /dev/papr-vpd
Resolves: RHEL-56908
- Support SGX devices
Resolves: RHEL-62354
- Suppress semodule's stderr
Resolves: RHEL-59192
2024-10-16 16:41:17 +02:00
.fmf Add plans/tests.fmf 2023-10-11 13:27:51 +02:00
plans do not run tests which require EPEL repo 2024-07-19 08:46:59 +00:00
tests test-reboot.yml: test.log is mandatory, improve results format 2020-08-27 07:49:02 +02:00
.gitignore * Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1 2024-02-12 12:26:33 +01:00
booleans-minimum.conf Remove ftp_home_dir boolean from distgit 2016-04-26 14:04:52 +02:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Change default value of use_virtualbox boolean 2019-09-16 16:08:14 +02:00
booleans.subs_dist subs virt_sandbox_use_nfs by virt_use_nfs 2016-07-16 17:52:41 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types * Mon Oct 17 2016 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-221 2016-10-17 20:52:01 +02:00
file_contexts.subs_dist * Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1 2024-02-06 14:25:48 +01:00
gating.yaml Drop baseos-ci gating 2024-05-21 11:09:54 +02:00
ifndefy.py Add a script for enclosing interfaces in ifndef statements 2022-06-29 18:34:21 +00:00
make-rhat-patches.sh Update repository link and branches names for c10s 2024-05-18 22:13:10 +00:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Make active lsm module in MLS policy 2019-04-05 11:03:51 +02:00
modules-targeted-base.conf * Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.6-23 2020-08-03 13:25:54 +02:00
modules-targeted-contrib.conf Add afterburn to modules-targeted-contrib.conf 2023-11-28 13:56:53 +00:00
modules-targeted.conf * Fri Aug 27 2021 Zdenek Pytela <zpytela@redhat.com> - 34.17-3 2021-08-27 11:50:45 +02:00
permissivedomains.cil Remove all domains from permissive domains, it looks these policies are tested already 2019-01-13 19:28:55 +01:00
README.md Fix typos and grammar in README 2020-12-02 09:41:43 +01:00
rpm.macros Correct some errors in the RPM macro changes from -2 2024-05-18 22:13:10 +00:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-check-proper-disable.service Add a systemd service to check that SELinux is disabled properly 2021-06-22 09:38:56 +00:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1 2024-10-16 16:41:17 +02:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
sources * Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1 2024-10-16 16:41:17 +02:00
users-minimum Users have to be generated is policy/users to make 3.4 userspace happy 2022-05-02 13:14:01 +00:00
users-mls Users have to be generated is policy/users to make 3.4 userspace happy 2022-05-02 13:14:01 +00:00
users-targeted Users have to be generated is policy/users to make 3.4 userspace happy 2022-05-02 13:14:01 +00:00
varrun-convert.sh * Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1 2024-02-12 12:26:33 +01:00

README.md

Purpose

SELinux Fedora Policy is a fork of the SELinux reference policy. The fedora-selinux/selinux-policy repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.

Structure

GitHub

On GitHub, we have one repository containing the policy sources.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: As opposed to dist-git, the Rawhide content resides in the rawhide branch rather than master.

dist-git

Package sources in dist-git are composed from the selinux-policy repository snapshot tarball, container-selinux policy files snapshot, the macro-expander script snapshot, and from other config files.

Build process

  1. Clone the fedora-selinux/selinux-policy repository.

     $ cd ~/devel/github
 $ git clone git@github.com:fedora-selinux/selinux-policy.git
 $ cd selinux-policy

  2. Create, backport, or cherry-pick needed changes to a particular branch and push them.

  3. Clone the selinux-policy dist-git repository.

     $ cd ~/devel/dist-git
 $ fedpkg clone selinux-policy
 $ cd selinux-policy

  4. Download the latest snapshot from the selinux-policy GitHub repository.

     $ ./make-rhat-patches.sh

  5. Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.

  6. Build the package.

     $ fedpkg build