Re: Contributing to Fedora's SELinux policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 4/29/2019 8:33 AM, Lukas Vrabec wrote:
On 4/26/19 6:01 PM, Jag Raman wrote:


On 4/24/2019 10:24 AM, Jag Raman wrote:


On Apr 24, 2019, at 7:11 AM, Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote:


Agree with Jason,

Feel free to contribute, we'll be more than glad ;)

Thanks,
Lukas.

On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
The selinux-policy RPM references the repository:

URL         : https://github.com/fedora-selinux/selinux-policy

There are several projects under https://github.com/fedora-selinux
which
might interest you.  I see that pull requests are being merged so that
seems a reasonable way to contribute.

- J<

Thank you very much Jason & Lukas.

I’m trying to build the policy. After cloning the “selinux-policy" repo.,
we need to execute “.travis.yml” to setup the “contrib” folder. Is
that correct?


There is no need to execute travis.yml, this file is for CI. It's enough
to clone contrib repo to selinux base repo.

I'm facing some build issues, and would like to confirm that the
following steps I'm following to build the policy are correct.

# git clone https://github.com/containers/container-selinux.git
# rm -rf selinux-policy/policy/modules/contrib
# git clone https://github.com/fedora-selinux/selinux-policy-contrib.git
selinux-policy/policy/modules/contrib;
# git clone https://github.com/containers/container-selinux.git
# cp container-selinux/container.* selinux-policy/policy/modules/contrib;
# cd selinux-policy
# make conf
# make policy


Are you following this process?
https://github.com/fedora-selinux/selinux-policy/wiki/Compiling

Thank you very much for the wiki.

I was executing "make conf; make policy", which appears to be a mistake.
Running "make policy" alone works. It looks like the conf. is
distributed as part of the repo.

Thanks for the help!
--
Jag



One of the issues I'm facing is that "djbdns.te" is passing an attribute
(djbdns_domain) as argument to the interface
"corenet_all_recvfrom_unlabeled". That doesn't seem correct, and
therefore wondering if we're even supposed to build policy for djbdns.
Could someone kindly confirm the steps to build the Fedora selinux-policy
with "contrib"s.


The best way would be create own rpm package with updates SELinux
policy, then you can install it to your system:
https://github.com/fedora-selinux/selinux-policy/wiki/Packaging

Thanks,
Lukas.

Thanks!
--
Jag


Thanks!
—
Jag


_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux