On 31/03/2023 17:08, Petr Lautrbach wrote:
David Sommerseth <dazo(a)eurephia.org> writes:
> On 31/03/2023 16:36, Neal Gompa wrote:
>> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo(a)eurephia.org>
>>> I had an upstream SELinux pull-request merged in autumn 2020 . But I
>>> still don't see this SELinux boolean flag (renamed  to
>>> "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the
>>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when
>>> can I expect to see this in Fedora and RHEL SELinux policies?
The best way is to create a bug with a request to backport a patch or
create a PR on github.com/fedora-selinux/selinux-policy
Alright, I'll wrap up a patch and pull-req for fedora-selinux too.
But for OpenVPN 3 Linux I do have an additional policy for a few of the
D-Bus services as well. Would it make sense to just keep them in the
openvpn3-linux project, or should I try to get them to some more
widespread SELinux reference policies?
Considering the discoveries of today, I'm kind a wondering if it's best
to keep it how it is. That way I can ensure it's available on all
distributions with SELinux support more easily. But I'm open to think
> Maybe not the right place to ask ... but what is the purpose and
> the SELinux refpolicy project if several of the larger Linux
> distributions doesn't pay attention to it?
> I kinda would expect that lots of the SELinux policy details in Fedora
> would be pretty much the same challenges in other distributions as well.
AFAIK refpolicy was more conservative while fedora-selinux was more
focused on usability on desktop. They're still somehow compatible, they
use same build process and backports from or to fedora-selinux still happen
from time to time, but fedora-selinux is not considered as fork anymore.
Okay, good to know. Is fedora-selinux specific to Fedora/RHEL only, or
does other distributions also use this as their refpolicy?