David Sommerseth <dazo@xxxxxxxxxxxx> writes: > On 31/03/2023 17:08, Petr Lautrbach wrote: >> David Sommerseth <dazo@xxxxxxxxxxxx> writes: >> >>> On 31/03/2023 16:36, Neal Gompa wrote: >>>> On Fri, Mar 31, 2023 at 9:58 AM David Sommerseth <dazo@xxxxxxxxxxxx> wrote: >>>>> >>>>> >>>>> Hi, >>>>> >>>>> I had an upstream SELinux pull-request merged in autumn 2020 [1]. But I >>>>> still don't see this SELinux boolean flag (renamed [2] to >>>>> "dbus_pass_tuntap_fd") present in Fedora 38. So I wonder how the >>>>> SELinux refpolicy is consumed into Fedora's SELinux policies ... when >>>>> can I expect to see this in Fedora and RHEL SELinux policies? >>>>> >> >> The best way is to create a bug with a request to backport a patch or >> create a PR on github.com/fedora-selinux/selinux-policy > > Alright, I'll wrap up a patch and pull-req for fedora-selinux too. > > But for OpenVPN 3 Linux I do have an additional policy for a few of the > D-Bus services as well. Would it make sense to just keep them in the > openvpn3-linux project, or should I try to get them to some more > widespread SELinux reference policies? I'd suggest to keep them in the project and use https://fedoraproject.org/wiki/SELinux/IndependentPolicy I've added Vit who's expert in ^^ > Considering the discoveries of today, I'm kind a wondering if it's best > to keep it how it is. That way I can ensure it's available on all > distributions with SELinux support more easily. But I'm open to think > differently. > > [...snip...] > >>> Maybe not the right place to ask ... but what is the purpose and goal of >>> the SELinux refpolicy project if several of the larger Linux >>> distributions doesn't pay attention to it? >>> >>> I kinda would expect that lots of the SELinux policy details in Fedora >>> would be pretty much the same challenges in other distributions as well. >>> >> >> AFAIK refpolicy was more conservative while fedora-selinux was more >> focused on usability on desktop. They're still somehow compatible, they >> use same build process and backports from or to fedora-selinux still happen >> from time to time, but fedora-selinux is not considered as fork anymore. > > Okay, good to know. Is fedora-selinux specific to Fedora/RHEL only, or > does other distributions also use this as their refpolicy? > > > -- > kind regards, > > David Sommerseth > OpenVPN Inc _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
