On 09/23/2015 01:16 PM, Petr Lautrbach wrote:
On 09/22/2015 08:46 PM, Shawn Starr wrote:
> Hello SELinux Fedora developers,
>
> What is the process for packaging 3rd party SELinux
> policies? the Icinga developers have been working on
> this but in Fedora we have a package for each policy
> type. Is the convention to merge this into the main
> policy packages?
>
The general answer would that the icinga developers could ship their own
modules first. There's a blog explaining how to do it [1]. It allows the
developers to make updates of policy with the package and therefore
faster development and deployment.
However in long terms it's better to incorporate a package policy to
the system policy. You can either file a bug against selinux-policy or
try to contribute yourself using this [2] howto.
Yes. In Fedora 23+, we have a new SELinux userspace with CIL and we can
easily work with third party policies. I mean there are some issues for
both cases and it is always a good experience to discuss if we want to
ship it in distro policy or if we want to ship it with a package.
Can you add these policies to review or add a link?
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.