On 4/9/2019 8:02 AM, Chris PeBenito wrote:
On 4/8/19 11:05 AM, Jag Raman wrote:
Hi,
I need some help with testing "refpolicy".
I'm able to install and load the refpolicy. But I'm unable
to switch to "enforcing" mode because the OS (Fedora29)
hangs due to missing policies.
What distro of Linux are we expected to use for testing it?
Are there any patches that should be applied on top of it?
If so where could it be found? I'm trying to find out how
you test changes to the refpolicy.
Thank you very much!
Hi Chris,
Thanks for your response.
Please note the new refpolicy list. [1]
Sorry about this. I've subscribed to the new list, and added it to this
email.
There is no official distro for testing. It does support customizations
for various distributions (DISTRO build option), but that also depends
on how much of the distro's customizations are upstreamed.
I tried setting the "DISTRO" build option to "redhat", and tested on
Fedora. But it looks like "refpolicy" customizations are not upstream
for Fedora. It could be because RedHat is maintaining a separate set of
patches [2] that apply on top of an older version (RELEASE_2_20130424)
of SELinux refpolicy.
Do you know of any distro whose customizations are upstream?
[2] https://git.centos.org/summary/?r=rpms/selinux-policy.git
Thanks!
--
Jag
[1] http://vger.kernel.org/vger-lists.html#selinux-refpolicy
