On 31/03/2023 17:08, Petr Lautrbach wrote:
David Sommerseth <dazo@xxxxxxxxxxxx> writes:On 31/03/2023 16:36, Neal Gompa wrote:On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote:Hi, I had an upstream SELinux pull-request merged in autumn 2020 [1]. But I still don't see this SELinux boolean flag (renamed [2] to "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the SELinux refpolicy is consumed into Fedora's SELinux policies ... when can I expect to see this in Fedora and RHEL SELinux policies?The best way is to create a bug with a request to backport a patch or create a PR on github.com/fedora-selinux/selinux-policy
Alright, I'll wrap up a patch and pull-req for fedora-selinux too.But for OpenVPN 3 Linux I do have an additional policy for a few of the D-Bus services as well. Would it make sense to just keep them in the openvpn3-linux project, or should I try to get them to some more widespread SELinux reference policies?
Considering the discoveries of today, I'm kind a wondering if it's best to keep it how it is. That way I can ensure it's available on all distributions with SELinux support more easily. But I'm open to think differently.
[...snip...]
Maybe not the right place to ask ... but what is the purpose and goal of the SELinux refpolicy project if several of the larger Linux distributions doesn't pay attention to it? I kinda would expect that lots of the SELinux policy details in Fedora would be pretty much the same challenges in other distributions as well.AFAIK refpolicy was more conservative while fedora-selinux was more focused on usability on desktop. They're still somehow compatible, they use same build process and backports from or to fedora-selinux still happen from time to time, but fedora-selinux is not considered as fork anymore.
Okay, good to know. Is fedora-selinux specific to Fedora/RHEL only, or does other distributions also use this as their refpolicy?
-- kind regards, David Sommerseth OpenVPN Inc
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue