1:46 p.m.
Hello SELinux Fedora developers,
What is the process for packaging 3rd party SELinux
policies? the Icinga developers have been working on
this but in Fedora we have a package for each policy
type. Is the convention to merge this into the main
policy packages?
Thanks,
Shawn
3:27 a.m.
Hi,
I'm not sure what is your point. If you have one selinux package for one
service, it's right, or you want to merge all your policies to one rpm
package?
Lukas.
On 09/22/2015 08:46 PM, Shawn Starr wrote:
Hello SELinux Fedora developers,
What is the process for packaging 3rd party SELinux policies? the
Icinga developers have been working on this but in Fedora we have a
package for each policy type. Is the convention to merge this into the
main policy packages?
Thanks,
Shawn
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
6:16 a.m.
On 09/22/2015 08:46 PM, Shawn Starr wrote:
Hello SELinux Fedora developers,
What is the process for packaging 3rd party SELinux
policies? the Icinga developers have been working on
this but in Fedora we have a package for each policy
type. Is the convention to merge this into the main
policy packages?
The general answer would that the icinga developers could ship their own
modules first. There's a blog explaining how to do it [1]. It allows the
developers to make updates of policy with the package and therefore
faster development and deployment.
However in long terms it's better to incorporate a package policy to
the system policy. You can either file a bug against selinux-policy or
try to contribute yourself using this [2] howto.
[1]
https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-prod...
[2] https://github.com/fedora-selinux/selinux-policy/wiki/HowToContribute
Petr
--
Petr Lautrbach
7:22 a.m.
On 09/23/2015 01:16 PM, Petr Lautrbach wrote:
On 09/22/2015 08:46 PM, Shawn Starr wrote:
> Hello SELinux Fedora developers,
>
> What is the process for packaging 3rd party SELinux
> policies? the Icinga developers have been working on
> this but in Fedora we have a package for each policy
> type. Is the convention to merge this into the main
> policy packages?
>
The general answer would that the icinga developers could ship their own
modules first. There's a blog explaining how to do it [1]. It allows the
developers to make updates of policy with the package and therefore
faster development and deployment.
However in long terms it's better to incorporate a package policy to
the system policy. You can either file a bug against selinux-policy or
try to contribute yourself using this [2] howto.
Yes. In Fedora 23+, we have a new SELinux userspace with CIL and we can
easily work with third party policies. I mean there are some issues for
both cases and it is always a good experience to discuss if we want to
ship it in distro policy or if we want to ship it with a package.
Can you add these policies to review or add a link?
[1]
https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-prod...
[2] https://github.com/fedora-selinux/selinux-policy/wiki/HowToContribute
Petr
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
3137
days inactive
3138
days old
selinux@lists.fedoraproject.org
3 comments
4 participants
participants (4)
-
Lukas Vrabec -
Miroslav Grepl -
Petr Lautrbach -
Shawn Starr