All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream
@ 2018-03-09  9:16 Lukas Vrabec
  2018-03-09 22:24 ` Chris PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Lukas Vrabec @ 2018-03-09  9:16 UTC (permalink / raw)
  To: refpolicy

Hi All,

As a maintainer of SELinux distribution policy for Fedora, I would like
to start with rebasing SELinux modules with upstream refpolicy.

Unfortunately refpolicy and fedora selinux-policy quite diverged
during the time. Do the full rebase will be probably really messy
action. I prefer start with smaller modules from contrib branch/repo.

However I have few questions here. SELinux policy in Fedora cover more
setups then refpolicy (contain more allow/generic rules). I'll merge
allow rules from refpolicy which are missing in Fedora selinux-policy,
but would you like to see allow rules from fedora selinux-policy in
refpolicy upstream? Lot of these rules could be Fedora/RHEL specific.
Should I start sending patches and you will decide which
should be merged?

Thanks,
Lukas.

-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20180309/2bf3bfc9/attachment.bin 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream
  2018-03-09  9:16 [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream Lukas Vrabec
@ 2018-03-09 22:24 ` Chris PeBenito
  2018-03-12 11:36   ` Lukas Vrabec
  0 siblings, 1 reply; 3+ messages in thread
From: Chris PeBenito @ 2018-03-09 22:24 UTC (permalink / raw)
  To: refpolicy

On 03/09/2018 04:16 AM, Lukas Vrabec via refpolicy wrote:
> As a maintainer of SELinux distribution policy for Fedora, I would like
> to start with rebasing SELinux modules with upstream refpolicy.
> 
> Unfortunately refpolicy and fedora selinux-policy quite diverged
> during the time. Do the full rebase will be probably really messy
> action. I prefer start with smaller modules from contrib branch/repo.
> 
> However I have few questions here. SELinux policy in Fedora cover more
> setups then refpolicy (contain more allow/generic rules). I'll merge
> allow rules from refpolicy which are missing in Fedora selinux-policy,
> but would you like to see allow rules from fedora selinux-policy in
> refpolicy upstream? Lot of these rules could be Fedora/RHEL specific.
> Should I start sending patches and you will decide which
> should be merged?

I have not looked at the Fedora policy in some time, so I don't know of 
anything specific that would be problematic.  My suggestion would be to 
start with small changes in contrib that will hopefully not be contentious.

-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream
  2018-03-09 22:24 ` Chris PeBenito
@ 2018-03-12 11:36   ` Lukas Vrabec
  0 siblings, 0 replies; 3+ messages in thread
From: Lukas Vrabec @ 2018-03-12 11:36 UTC (permalink / raw)
  To: refpolicy

On 03/09/2018 11:24 PM, Chris PeBenito wrote:
> On 03/09/2018 04:16 AM, Lukas Vrabec via refpolicy wrote:
>> As a maintainer of SELinux distribution policy for Fedora, I would like
>> to start with rebasing SELinux modules with upstream refpolicy.
>>
>> Unfortunately refpolicy and fedora selinux-policy quite diverged
>> during the time. Do the full rebase will be probably really messy
>> action. I prefer start with smaller modules from contrib branch/repo.
>>
>> However I have few questions here. SELinux policy in Fedora cover more
>> setups then refpolicy (contain more allow/generic rules). I'll merge
>> allow rules from refpolicy which are missing in Fedora selinux-policy,
>> but would you like to see allow rules from fedora selinux-policy in
>> refpolicy upstream? Lot of these rules could be Fedora/RHEL specific.
>> Should I start sending patches and you will decide which
>> should be merged?
> 
> I have not looked at the Fedora policy in some time, so I don't know of
> anything specific that would be problematic.? My suggestion would be to
> start with small changes in contrib that will hopefully not be contentious.
> 

Understand, I'll start with rebasing small SELinux modules.

Thanks,
Lukas.

-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20180312/470a0d9b/attachment.bin 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-12 11:36 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-09  9:16 [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream Lukas Vrabec
2018-03-09 22:24 ` Chris PeBenito
2018-03-12 11:36   ` Lukas Vrabec

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.