Re: How is the upstream SELinux refpolicy tied into Fedora?

On Fri, Mar 31, 2023 at 11:16 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote:
>
> On 31/03/2023 17:08, Petr Lautrbach wrote:
> > David Sommerseth <dazo@xxxxxxxxxxxx> writes:
> >
> >> On 31/03/2023 16:36, Neal Gompa wrote:
> >>> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote:
> >>>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> I had an upstream SELinux pull-request merged in autumn 2020 [1].  But I
> >>>> still don't see this SELinux boolean flag (renamed [2] to
> >>>> "dbus_pass_tuntap_fd") present in Fedora 38.  So I wonder how the
> >>>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when
> >>>> can I expect to see this in Fedora and RHEL SELinux policies?
> >>>>
> >
> > The best way is to create a bug with a request to backport a patch or
> > create a PR on github.com/fedora-selinux/selinux-policy
>
> Alright, I'll wrap up a patch and pull-req for fedora-selinux too.
>
> But for OpenVPN 3 Linux I do have an additional policy for a few of the
> D-Bus services as well.  Would it make sense to just keep them in the
> openvpn3-linux project, or should I try to get them to some more
> widespread SELinux reference policies?
>
> Considering the discoveries of today, I'm kinda wondering if it's best
> to keep it how it is.  That way I can ensure it's available on all
> distributions with SELinux support more easily.  But I'm open to thinking
> differently.
>
> [...snip...]
>
> >> Maybe not the right place to ask ... but what is the purpose and goal of
> >> the SELinux refpolicy project if several of the larger Linux
> >> distributions don't pay attention to it?
> >>
> >> I kinda would expect that lots of the SELinux policy details in Fedora
> >> would be pretty much the same challenges in other distributions as well.
> >>
> >
> > AFAIK refpolicy was more conservative while fedora-selinux was more
> > focused on usability on desktop. They're still somehow compatible, they
> > use the same build process and backports from or to fedora-selinux still happen
> > from time to time, but fedora-selinux is not considered a fork anymore.
>
> Okay, good to know.  Is fedora-selinux specific to Fedora/RHEL only, or
> do other distributions also use this as their refpolicy?
>

SUSE Linux distributions use the fedora-selinux policy too. Arch and
Gentoo have their own forks of refpolicy.




--
真実はいつも一つ!/ Always, there's only one truth!