* Fedora COPR repositories with builds of latest code @ 2017-05-24 14:22 Petr Lautrbach 2017-05-24 14:33 ` Dominick Grift 2017-05-24 14:43 ` Paul Moore 0 siblings, 2 replies; 8+ messages in thread From: Petr Lautrbach @ 2017-05-24 14:22 UTC (permalink / raw) To: SELinux, Selinux on Fedora discussion For the motivation see https://marc.info/?l=selinux&m=149435307518336&w=2 I've restarted building of Fedora packages based on latest SELinux userspace code in Fedora COPR. Packages are built using the https://gitlab.com/bachradsusi/selinux-rpm project. There is a new selinux.spec [1] file which allows to build all Fedora packages from one src.rpm and Makefile which makes the process simple. Currently there are two COPR projects: * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/ This is built with Python3 support based on Fedora patches which are rebased against latest upstream code. * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/ This is based on pure upstream sources and without Python 3. Currently I run copr builds manually but the plan is to make it fully automated. Let me know if you find it useful or if you have ideas, comments and so on. [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec Thanks, Petr ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach @ 2017-05-24 14:33 ` Dominick Grift 2017-05-24 14:53 ` Dominick Grift 2017-05-24 14:43 ` Paul Moore 1 sibling, 1 reply; 8+ messages in thread From: Dominick Grift @ 2017-05-24 14:33 UTC (permalink / raw) To: SELinux [-- Attachment #1: Type: text/plain, Size: 1604 bytes --] On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > For the motivation see > https://marc.info/?l=selinux&m=149435307518336&w=2 Thanks! I enabled the one with Fedora patches because i need python3 support for setools4 This should allow me to enable extended_socket_class functionality and test it. I hope this repository will be maintained consistently so that it can be useful > > I've restarted building of Fedora packages based on latest > SELinux userspace code in Fedora COPR. Packages are built using > the https://gitlab.com/bachradsusi/selinux-rpm project. > > There is a new selinux.spec [1] file which allows to build all > Fedora packages from one src.rpm and Makefile which makes the > process simple. > > Currently there are two COPR projects: > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/ > > This is built with Python3 support based on Fedora patches which > are rebased against latest upstream code. > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/ > > This is based on pure upstream sources and without Python 3. > > > Currently I run copr builds manually but the plan is to make it > fully automated. > > > Let me know if you find it useful or if you have ideas, comments and so on. > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec > > > Thanks, > > Petr -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-24 14:33 ` Dominick Grift @ 2017-05-24 14:53 ` Dominick Grift 2017-05-24 20:40 ` Stephen Smalley 0 siblings, 1 reply; 8+ messages in thread From: Dominick Grift @ 2017-05-24 14:53 UTC (permalink / raw) To: SELinux [-- Attachment #1: Type: text/plain, Size: 2273 bytes --] On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > For the motivation see > > https://marc.info/?l=selinux&m=149435307518336&w=2 > > Thanks! I enabled the one with Fedora patches because i need python3 support for setools4 > > This should allow me to enable extended_socket_class functionality and test it. > > I hope this repository will be maintained consistently so that it can be useful I just enabled the extended_socket_class capability and in seinfo --polcap -x it currently shows up as "redhat1": # seinfo --polcap -x Polcap: 3 policycap network_peer_controls; policycap open_perms; policycap redhat1; I know the redhat1 polcap is re-used but not sure if this expected to return like that... > > > > > I've restarted building of Fedora packages based on latest > > SELinux userspace code in Fedora COPR. Packages are built using > > the https://gitlab.com/bachradsusi/selinux-rpm project. > > > > There is a new selinux.spec [1] file which allows to build all > > Fedora packages from one src.rpm and Makefile which makes the > > process simple. > > > > Currently there are two COPR projects: > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/ > > > > This is built with Python3 support based on Fedora patches which > > are rebased against latest upstream code. > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/ > > > > This is based on pure upstream sources and without Python 3. > > > > > > Currently I run copr builds manually but the plan is to make it > > fully automated. > > > > > > Let me know if you find it useful or if you have ideas, comments and so on. > > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec > > > > > > Thanks, > > > > Petr > > -- > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > Dominick Grift -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-24 14:53 ` Dominick Grift @ 2017-05-24 20:40 ` Stephen Smalley 2017-05-25 5:44 ` Dominick Grift 0 siblings, 1 reply; 8+ messages in thread From: Stephen Smalley @ 2017-05-24 20:40 UTC (permalink / raw) To: Dominick Grift, SELinux On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > > For the motivation see > > > https://marc.info/?l=selinux&m=149435307518336&w=2 > > > > Thanks! I enabled the one with Fedora patches because i need > > python3 support for setools4 > > > > This should allow me to enable extended_socket_class functionality > > and test it. > > > > I hope this repository will be maintained consistently so that it > > can be useful > > I just enabled the extended_socket_class capability and in seinfo -- > polcap -x it currently shows up as "redhat1": > > # seinfo --polcap -x > > Polcap: 3 > policycap network_peer_controls; > policycap open_perms; > policycap redhat1; > > I know the redhat1 polcap is re-used but not sure if this expected to > return like that... Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has its own internal table of the policy capability string names? > > > > > > > > > I've restarted building of Fedora packages based on latest > > > SELinux userspace code in Fedora COPR. Packages are built using > > > the https://gitlab.com/bachradsusi/selinux-rpm project. > > > > > > There is a new selinux.spec [1] file which allows to build all > > > Fedora packages from one src.rpm and Makefile which makes the > > > process simple. > > > > > > Currently there are two COPR projects: > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora > > > / > > > > > > This is built with Python3 support based on Fedora patches which > > > are rebased against latest upstream code. > > > > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu > > > xProject/ > > > > > > This is based on pure upstream sources and without Python 3. > > > > > > > > > Currently I run copr builds manually but the plan is to make it > > > fully automated. > > > > > > > > > Let me know if you find it useful or if you have ideas, comments > > > and so on. > > > > > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu > > > x.spec > > > > > > > > > Thanks, > > > > > > Petr > > > > -- > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B > > 6B02 > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6 > > B02 > > Dominick Grift > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-24 20:40 ` Stephen Smalley @ 2017-05-25 5:44 ` Dominick Grift 2017-05-25 9:40 ` Petr Lautrbach 0 siblings, 1 reply; 8+ messages in thread From: Dominick Grift @ 2017-05-25 5:44 UTC (permalink / raw) To: SELinux [-- Attachment #1: Type: text/plain, Size: 2940 bytes --] On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: > On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: > > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > > > For the motivation see > > > > https://marc.info/?l=selinux&m=149435307518336&w=2 > > > > > > Thanks! I enabled the one with Fedora patches because i need > > > python3 support for setools4 > > > > > > This should allow me to enable extended_socket_class functionality > > > and test it. > > > > > > I hope this repository will be maintained consistently so that it > > > can be useful > > > > I just enabled the extended_socket_class capability and in seinfo -- > > polcap -x it currently shows up as "redhat1": > > > > # seinfo --polcap -x > > > > Polcap: 3 > > policycap network_peer_controls; > > policycap open_perms; > > policycap redhat1; > > > > I know the redhat1 polcap is re-used but not sure if this expected to > > return like that... > > Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has > its own internal table of the policy capability string names? thanks , yes thats the case (former) > > > > > > > > > > > > > > I've restarted building of Fedora packages based on latest > > > > SELinux userspace code in Fedora COPR. Packages are built using > > > > the https://gitlab.com/bachradsusi/selinux-rpm project. > > > > > > > > There is a new selinux.spec [1] file which allows to build all > > > > Fedora packages from one src.rpm and Makefile which makes the > > > > process simple. > > > > > > > > Currently there are two COPR projects: > > > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora > > > > / > > > > > > > > This is built with Python3 support based on Fedora patches which > > > > are rebased against latest upstream code. > > > > > > > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu > > > > xProject/ > > > > > > > > This is based on pure upstream sources and without Python 3. > > > > > > > > > > > > Currently I run copr builds manually but the plan is to make it > > > > fully automated. > > > > > > > > > > > > Let me know if you find it useful or if you have ideas, comments > > > > and so on. > > > > > > > > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu > > > > x.spec > > > > > > > > > > > > Thanks, > > > > > > > > Petr > > > > > > -- > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B > > > 6B02 > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6 > > > B02 > > > Dominick Grift > > > > > > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-25 5:44 ` Dominick Grift @ 2017-05-25 9:40 ` Petr Lautrbach 2017-05-25 10:07 ` Dominick Grift 0 siblings, 1 reply; 8+ messages in thread From: Petr Lautrbach @ 2017-05-25 9:40 UTC (permalink / raw) To: SELinux On 05/25/2017 07:44 AM, Dominick Grift wrote: > On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: >> On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: >>> On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: >>>> On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: >>>>> For the motivation see >>>>> https://marc.info/?l=selinux&m=149435307518336&w=2 >>>> >>>> Thanks! I enabled the one with Fedora patches because i need >>>> python3 support for setools4 >>>> >>>> This should allow me to enable extended_socket_class functionality >>>> and test it. >>>> >>>> I hope this repository will be maintained consistently so that it >>>> can be useful >>> >>> I just enabled the extended_socket_class capability and in seinfo -- >>> polcap -x it currently shows up as "redhat1": >>> >>> # seinfo --polcap -x >>> >>> Polcap: 3 >>> policycap network_peer_controls; >>> policycap open_perms; >>> policycap redhat1; >>> >>> I know the redhat1 polcap is re-used but not sure if this expected to >>> return like that... >> >> Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has >> its own internal table of the policy capability string names? > > thanks , yes thats the case (former) I will update scripts to rebuild setools together with selinux sources and provide setools builds in copr repos > >> >>> >>>> >>>>> >>>>> I've restarted building of Fedora packages based on latest >>>>> SELinux userspace code in Fedora COPR. Packages are built using >>>>> the https://gitlab.com/bachradsusi/selinux-rpm project. >>>>> >>>>> There is a new selinux.spec [1] file which allows to build all >>>>> Fedora packages from one src.rpm and Makefile which makes the >>>>> process simple. >>>>> >>>>> Currently there are two COPR projects: >>>>> >>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora >>>>> / >>>>> >>>>> This is built with Python3 support based on Fedora patches which >>>>> are rebased against latest upstream code. >>>>> >>>>> >>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu >>>>> xProject/ >>>>> >>>>> This is based on pure upstream sources and without Python 3. >>>>> >>>>> >>>>> Currently I run copr builds manually but the plan is to make it >>>>> fully automated. >>>>> >>>>> >>>>> Let me know if you find it useful or if you have ideas, comments >>>>> and so on. >>>>> >>>>> >>>>> [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu >>>>> x.spec >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> Petr >>>> >>>> -- >>>> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B >>>> 6B02 >>>> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6 >>>> B02 >>>> Dominick Grift >>> >>> >>> > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-25 9:40 ` Petr Lautrbach @ 2017-05-25 10:07 ` Dominick Grift 0 siblings, 0 replies; 8+ messages in thread From: Dominick Grift @ 2017-05-25 10:07 UTC (permalink / raw) To: selinux [-- Attachment #1: Type: text/plain, Size: 3550 bytes --] On Thu, May 25, 2017 at 11:40:49AM +0200, Petr Lautrbach wrote: > On 05/25/2017 07:44 AM, Dominick Grift wrote: > > On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: > > > On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: > > > > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > > > > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > > > > > For the motivation see > > > > > > https://marc.info/?l=selinux&m=149435307518336&w=2 > > > > > > > > > > Thanks! I enabled the one with Fedora patches because i need > > > > > python3 support for setools4 > > > > > > > > > > This should allow me to enable extended_socket_class functionality > > > > > and test it. > > > > > > > > > > I hope this repository will be maintained consistently so that it > > > > > can be useful > > > > > > > > I just enabled the extended_socket_class capability and in seinfo -- > > > > polcap -x it currently shows up as "redhat1": > > > > > > > > # seinfo --polcap -x > > > > > > > > Polcap: 3 > > > > policycap network_peer_controls; > > > > policycap open_perms; > > > > policycap redhat1; > > > > > > > > I know the redhat1 polcap is re-used but not sure if this expected to > > > > return like that... > > > > > > Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has > > > its own internal table of the policy capability string names? > > > > thanks , yes thats the case (former) > > I will update scripts to rebuild setools together with selinux sources and > provide setools builds in copr repos Thank you > > > > > > > > > > > > > > > > > > > > > > > > > > > I've restarted building of Fedora packages based on latest > > > > > > SELinux userspace code in Fedora COPR. Packages are built using > > > > > > the https://gitlab.com/bachradsusi/selinux-rpm project. > > > > > > > > > > > > There is a new selinux.spec [1] file which allows to build all > > > > > > Fedora packages from one src.rpm and Makefile which makes the > > > > > > process simple. > > > > > > > > > > > > Currently there are two COPR projects: > > > > > > > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora > > > > > > / > > > > > > > > > > > > This is built with Python3 support based on Fedora patches which > > > > > > are rebased against latest upstream code. > > > > > > > > > > > > > > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu > > > > > > xProject/ > > > > > > > > > > > > This is based on pure upstream sources and without Python 3. > > > > > > > > > > > > > > > > > > Currently I run copr builds manually but the plan is to make it > > > > > > fully automated. > > > > > > > > > > > > > > > > > > Let me know if you find it useful or if you have ideas, comments > > > > > > and so on. > > > > > > > > > > > > > > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu > > > > > > x.spec > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Petr > > > > > > > > > > -- > > > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B > > > > > 6B02 > > > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6 > > > > > B02 > > > > > Dominick Grift > > > > > > > > > > > > > > > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code 2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach 2017-05-24 14:33 ` Dominick Grift @ 2017-05-24 14:43 ` Paul Moore 1 sibling, 0 replies; 8+ messages in thread From: Paul Moore @ 2017-05-24 14:43 UTC (permalink / raw) To: Petr Lautrbach; +Cc: SELinux, Selinux on Fedora discussion On Wed, May 24, 2017 at 10:22 AM, Petr Lautrbach <plautrba@redhat.com> wrote: > For the motivation see > https://marc.info/?l=selinux&m=149435307518336&w=2 > > I've restarted building of Fedora packages based on latest SELinux userspace > code in Fedora COPR. Packages are built using the > https://gitlab.com/bachradsusi/selinux-rpm project. > > There is a new selinux.spec [1] file which allows to build all Fedora > packages from one src.rpm and Makefile which makes the process simple. > > Currently there are two COPR projects: > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/ > > This is built with Python3 support based on Fedora patches which are rebased > against latest upstream code. Thanks Petr! FWIW, I've been using the plautrba/selinux-fedora COPR on my test system for the past ~week and it has been working well. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-05-25 10:07 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach 2017-05-24 14:33 ` Dominick Grift 2017-05-24 14:53 ` Dominick Grift 2017-05-24 20:40 ` Stephen Smalley 2017-05-25 5:44 ` Dominick Grift 2017-05-25 9:40 ` Petr Lautrbach 2017-05-25 10:07 ` Dominick Grift 2017-05-24 14:43 ` Paul Moore
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.