On Fri, Mar 31, 2023 at 11:16 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote: > > On 31/03/2023 17:08, Petr Lautrbach wrote: > > David Sommerseth <dazo@xxxxxxxxxxxx> writes: > > > >> On 31/03/2023 16:36, Neal Gompa wrote: > >>> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote: > >>>> > >>>> > >>>> Hi, > >>>> > >>>> I had an upstream SELinux pull-request merged in autumn 2020 [1]. But I > >>>> still don't see this SELinux boolean flag (renamed [2] to > >>>> "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the > >>>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when > >>>> can I expect to see this in Fedora and RHEL SELinux policies? > >>>> > > > > The best way is to create a bug with a request to backport a patch or > > create a PR on github.com/fedora-selinux/selinux-policy > > Alright, I'll wrap up a patch and pull-req for fedora-selinux too. > > But for OpenVPN 3 Linux I do have an additional policy for a few of the > D-Bus services as well. Would it make sense to just keep them in the > openvpn3-linux project, or should I try to get them to some more > widespread SELinux reference policies? > > Considering the discoveries of today, I'm kind a wondering if it's best > to keep it how it is. That way I can ensure it's available on all > distributions with SELinux support more easily. But I'm open to think > differently. > > [...snip...] > > >> Maybe not the right place to ask ... but what is the purpose and goal of > >> the SELinux refpolicy project if several of the larger Linux > >> distributions doesn't pay attention to it? > >> > >> I kinda would expect that lots of the SELinux policy details in Fedora > >> would be pretty much the same challenges in other distributions as well. > >> > > > > AFAIK refpolicy was more conservative while fedora-selinux was more > > focused on usability on desktop. They're still somehow compatible, they > > use same build process and backports from or to fedora-selinux still happen > > from time to time, but fedora-selinux is not considered as fork anymore. > > Okay, good to know. Is fedora-selinux specific to Fedora/RHEL only, or > does other distributions also use this as their refpolicy? > SUSE Linux distributions use the fedora-selinux policy too. Arch and Gentoo have their own forks of refpolicy. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue