Greetings!
In November I pulled the ejabberd SELinux policy into Fedora 27+ so I could manage it more closely with ejabberd updates. At the time I sent pull requests to the Fedora SELinux policy to remove it from there, but the pull requests haven't been reviewed or merged. Could someone take a look?
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38 https://github.com/fedora-selinux/selinux-policy-contrib/pull/39
At this point, I suppose we'll also want to make this change on the Fedora 28 branch.
You can see the policy in the ejabberd sources now:
On 04/21/2018 06:54 PM, Randy Barlow wrote:
In November I pulled the ejabberd SELinux policy into Fedora 27+ so I could manage it more closely with ejabberd updates. At the time I sent pull requests to the Fedora SELinux policy to remove it from there, but the pull requests haven't been reviewed or merged. Could someone take a look?
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38 https://github.com/fedora-selinux/selinux-policy-contrib/pull/39
At this point, I suppose we'll also want to make this change on the Fedora 28 branch.
You can see the policy in the ejabberd sources now:
Could someone look at my PRs?
On 05/11/2018 07:35 PM, Randy Barlow wrote:
On 04/21/2018 06:54 PM, Randy Barlow wrote:
In November I pulled the ejabberd SELinux policy into Fedora 27+ so I could manage it more closely with ejabberd updates. At the time I sent pull requests to the Fedora SELinux policy to remove it from there, but the pull requests haven't been reviewed or merged. Could someone take a look?
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38 https://github.com/fedora-selinux/selinux-policy-contrib/pull/39
At this point, I suppose we'll also want to make this change on the Fedora 28 branch.
You can see the policy in the ejabberd sources now:
Could someone look at my PRs?
Sorry for late late late answer, but yes, I'll look on it.
Did you follow these steps? [1]
Also, we have several macros which will help you with installing own SELinux module[2].
[1] https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy
[2] https://github.com/fedora-selinux/selinux-policy-macros
Thanks, Lukas.
_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
On Mon, 21 May 2018, Lukas Vrabec wrote:
On 05/11/2018 07:35 PM, Randy Barlow wrote:
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38 https://github.com/fedora-selinux/selinux-policy-contrib/pull/39
Could someone look at my PRs?
Thank you, Randy, for a full and sequential patch as a 'worked example' which shows 'grafting' a selinux sub-package into a .spec file
A question: Looking at the patches, and then a local system, I see a couple of other 'selinux-policy-*' packages available:
selinux-policy-minimum.noarch selinux-policy-mls.noarch
but I see in the .spec file patch
103 + Requires: selinux-policy 104 + Requires: selinux-policy-targeted
I understand the first, as it provides the base for the other three alternatives
But the URL referenced by the selinux spec file is dead: http://oss.tresys.com/repos/refpolicy/
as to reading about what they provide (the sub-package descriptions are not helpful)
Should the line 104 provide for any of those three to satisfy its 'Require'?
-- Russ herrold
BTW, there is an old version of ejabberd selinux policy you can take a look: https://github.com/AdamPrzybyla/ejabberd-selinux Regads Adam Przybyla
On Mon, May 21, 2018 at 6:00 PM, R P Herrold herrold@owlriver.com wrote:
On Mon, 21 May 2018, Lukas Vrabec wrote:
On 05/11/2018 07:35 PM, Randy Barlow wrote:
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38 https://github.com/fedora-selinux/selinux-policy-contrib/pull/39
Could someone look at my PRs?
Thank you, Randy, for a full and sequential patch as a 'worked example' which shows 'grafting' a selinux sub-package into a .spec file
A question: Looking at the patches, and then a local system, I see a couple of other 'selinux-policy-*' packages available:
selinux-policy-minimum.noarch selinux-policy-mls.noarchbut I see in the .spec file patch
103 + Requires: selinux-policy 104 + Requires: selinux-policy-targeted
I understand the first, as it provides the base for the other three alternatives
But the URL referenced by the selinux spec file is dead: http://oss.tresys.com/repos/refpolicy/
as to reading about what they provide (the sub-package descriptions are not helpful)
Should the line 104 provide for any of those three to satisfy its 'Require'?
-- Russ herrold _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@ lists.fedoraproject.org/message/LW2PTYKTBFD7XW7SZNNBF3XXKJ5NUUXZ/
On 05/21/2018 05:45 AM, Lukas Vrabec wrote:
Sorry for late late late answer, but yes, I'll look on it.
Did you follow these steps? [1]
Also, we have several macros which will help you with installing own SELinux module[2].
I should also apologize for my long time to reply - I've been on vacation for a long time. I almost forgot how to computer :)
I replied to your comments:
https://github.com/fedora-selinux/selinux-policy-contrib/pull/38
I also made a PR against ejabberd to get it to use the macros:
https://src.fedoraproject.org/rpms/ejabberd/pull-request/4
If you are a proven packager and agree with that PR, feel free to merge, fix the selinux_policyver global at the top to reference the selinux policy version that's needed, and build. If you are a proven packager, I should be available to coordinate doing this with you this week.
Is it OK if we do this only in Rawhide?
selinux@lists.fedoraproject.org
-
Adam Przybyla -
Lukas Vrabec -
R P Herrold -
Randy Barlow