Re: How is the upstream SELinux refpolicy tied into Fedora?

David Sommerseth <dazo@xxxxxxxxxxxx> writes:

> On 31/03/2023 16:36, Neal Gompa wrote:
>> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote:
>>>
>>>
>>> Hi,
>>>
>>> I had an upstream SELinux pull-request merged in autumn 2020 [1].  But I
>>> still don't see this SELinux boolean flag (renamed [2] to
>>> "dbus_pass_tuntap_fd") present in Fedora 38.  So I wonder how the
>>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when
>>> can I expect to see this in Fedora and RHEL SELinux policies?
>>>

The best way is to create a bug with a request to backport a patch or
create a PR on github.com/fedora-selinux/selinux-policy.

>>> [1]
>>> <https://github.com/SELinuxProject/refpolicy/commit/79c7859a4807236693c734421642d5aacff0a9e2>
>>> [2]
>>> <https://github.com/SELinuxProject/refpolicy/commit/ba3818ebcc3a627bc331c61acf2df13d223452ea>
>>>
>> 
>> It's not consumed by Fedora or openSUSE at all. Fedora and openSUSE
>> follow this instead: https://github.com/fedora-selinux/selinux-policy
>> 
>> As far as I know, there has been no reconciliation between the two
>> happening anytime in the recent past and it's unlikely to happen
>> anytime soon.
> Maybe not the right place to ask ... but what is the purpose and goal of 
> the SELinux refpolicy project if several of the larger Linux 
> distributions don't pay attention to it?
>
> I kinda would expect that lots of the SELinux policy details in Fedora 
> would be pretty much the same challenges in other distributions as well.
>

AFAIK refpolicy was more conservative while fedora-selinux was more
focused on usability on desktop. They're still somehow compatible, they
use the same build process and backports from or to fedora-selinux still happen
from time to time, but fedora-selinux is not considered a fork anymore.

You can try refpolicy on your own and see whether it works for you:

https://github.com/SELinuxProject/selinux-notebook/blob/main/src/reference_policy.md#installing-and-building-the-reference-policy-source

Petr


> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue