On 31/03/2023 17:41, Petr Lautrbach wrote:
David Sommerseth <dazo@xxxxxxxxxxxx> writes:
[...snip...]
But for OpenVPN 3 Linux I do have an additional policy for a few of the D-Bus services as well. Would it make sense to just keep them in the openvpn3-linux project, or should I try to get them to some more widespread SELinux reference policies?I'd suggest to keep them in the project and use https://fedoraproject.org/wiki/SELinux/IndependentPolicy I've added Vit who's expert in ^^
Thanks a lot! I believe the policy we currently ship via Fedora Copr is in a reasonable state. It has also been somewhat reviewed by some of the SELinux/refpolicy maintainers and I've implemented proposed changes. <https://github.com/OpenVPN/openvpn3-linux/tree/master/src/selinux> The openvpn3.te policy is what I will suggest to fedora-selinux, as that may be useful for other projects as well. The openvpn3_service.{fc,if,te} policy is OpenVPN 3 Linux specific. -- kind regards, David Sommerseth OpenVPN Inc
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
