David Sommerseth <dazo@xxxxxxxxxxxx> writes: > On 31/03/2023 16:36, Neal Gompa wrote: >> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote: >>> >>> >>> Hi, >>> >>> I had an upstream SELinux pull-request merged in autumn 2020 [1]. But I >>> still don't see this SELinux boolean flag (renamed [2] to >>> "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the >>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when >>> can I expect to see this in Fedora and RHEL SELinux policies? >>> The best way is to create a bug with a request to backport a patch or create a PR on github.com/fedora-selinux/selinux-policy >>> [1] >>> <https://github.com/SELinuxProject/refpolicy/commit/79c7859a4807236693c734421642d5aacff0a9e2> >>> [2] >>> <https://github.com/SELinuxProject/refpolicy/commit/ba3818ebcc3a627bc331c61acf2df13d223452ea> >>> >> >> It's not consumed by Fedora or openSUSE at all. Fedora and openSUSE >> follow this instead: https://github.com/fedora-selinux/selinux-policy >> >> As far as I know, there has been no reconciliation between the two >> happening anytime in the recent past and it's unlikely to happen >> anytime soon. > Maybe not the right place to ask ... but what is the purpose and goal of > the SELinux refpolicy project if several of the larger Linux > distributions doesn't pay attention to it? > > I kinda would expect that lots of the SELinux policy details in Fedora > would be pretty much the same challenges in other distributions as well. > AFAIK refpolicy was more conservative while fedora-selinux was more focused on usability on desktop. They're still somehow compatible, they use same build process and backports from or to fedora-selinux still happen from time to time, but fedora-selinux is not considered as fork anymore. You can try refpolicy on your own and see whether it works for you https://github.com/SELinuxProject/selinux-notebook/blob/main/src/reference_policy.md#installing-and-building-the-reference-policy-source Petr > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue