On 31/03/2023 16:36, Neal Gompa wrote:
Maybe not the right place to ask ... but what is the purpose and goal of the SELinux refpolicy project if several of the larger Linux distributions doesn't pay attention to it?On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote:Hi, I had an upstream SELinux pull-request merged in autumn 2020 [1]. But I still don't see this SELinux boolean flag (renamed [2] to "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the SELinux refpolicy is consumed into Fedora's SELinux policies ... when can I expect to see this in Fedora and RHEL SELinux policies? [1] <https://github.com/SELinuxProject/refpolicy/commit/79c7859a4807236693c734421642d5aacff0a9e2> [2] <https://github.com/SELinuxProject/refpolicy/commit/ba3818ebcc3a627bc331c61acf2df13d223452ea>It's not consumed by Fedora or openSUSE at all. Fedora and openSUSE follow this instead: https://github.com/fedora-selinux/selinux-policy As far as I know, there has been no reconciliation between the two happening anytime in the recent past and it's unlikely to happen anytime soon.
I kinda would expect that lots of the SELinux policy details in Fedora would be pretty much the same challenges in other distributions as well.
-- kind regards, David Sommerseth OpenVPN Inc
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
