Hi,
I regularly report issues with confined users in SELinux as I run as one on my day-to-day account. Sometimes I have contributed fixes to the policy, but this has been through fedpkg and diffs that doesn't really scale well.
How do you (the main developers) setup your selinux policy, what git / repo do you use for it, how do you build it etc.
Any tips would be appreciated so that I can setup a more "long lasting" environment and hopefully, get to contribute some more policy.
On 09/30/2014 02:56 PM, William wrote:
Hi,
I regularly report issues with confined users in SELinux as I run as one on my day-to-day account. Sometimes I have contributed fixes to the policy, but this has been through fedpkg and diffs that doesn't really scale well.
How do you (the main developers) setup your selinux policy, what git / repo do you use for it, how do you build it etc.
Any tips would be appreciated so that I can setup a more "long lasting" environment and hopefully, get to contribute some more policy.
If you have Fedora you can easily work with
https://github.com/selinux-policy/selinux-policy
If you have fixes, you can do a pull request against this repo. If you want to test it and do own build using
$ git clone https://github.com/selinux-policy/selinux-policy
add your changes, create a patch and
$ fedpkg clone selinux-policy --anonymous $ cd selinux-policy $ git checkout f21
edit spec file to add your patch and
$ fedpkg local
or
$ fedpkg mockbuild
for example.
I am going to write a new blog about it.
Regards, Miroslav
have Fedora you can easily work with
https://github.com/selinux-policy/selinux-policy
If you have fixes, you can do a pull request against this repo. If you want to test it and do own build using
$ git clone https://github.com/selinux-policy/selinux-policy
add your changes, create a patch and
$ fedpkg clone selinux-policy --anonymous $ cd selinux-policy $ git checkout f21
edit spec file to add your patch and
$ fedpkg local
or
$ fedpkg mockbuild
for example.
From selinux-policy I see there are make files etc. Is it possible to
build and run out of this instead of using fedpkg + patches? If not just for some testing. Or is fedpkg preferred?
On 09/30/2014 08:56 AM, William wrote:
Hi,
I regularly report issues with confined users in SELinux as I run as one on my day-to-day account. Sometimes I have contributed fixes to the policy, but this has been through fedpkg and diffs that doesn't really scale well.
How do you (the main developers) setup your selinux policy, what git / repo do you use for it, how do you build it etc.
Any tips would be appreciated so that I can setup a more "long lasting" environment and hopefully, get to contribute some more policy.
Fedora policy is now on git hub.
git@github.com:selinux-policy/selinux-policy.git
Pull requests welcomed.
selinux@lists.fedoraproject.org