All of lore.kernel.org
 help / color / mirror / Atom feed
* Fedora COPR repositories with builds of latest code
@ 2017-05-24 14:22 Petr Lautrbach
  2017-05-24 14:33 ` Dominick Grift
  2017-05-24 14:43 ` Paul Moore
  0 siblings, 2 replies; 8+ messages in thread
From: Petr Lautrbach @ 2017-05-24 14:22 UTC (permalink / raw)
  To: SELinux, Selinux on Fedora discussion

For the motivation see
https://marc.info/?l=selinux&m=149435307518336&w=2

I've restarted building of Fedora packages based on latest SELinux 
userspace code in Fedora COPR. Packages are built using the 
https://gitlab.com/bachradsusi/selinux-rpm project.

There is a new selinux.spec [1] file which allows to build all Fedora 
packages from one src.rpm and Makefile which makes the process simple.

Currently there are two COPR projects:

* https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/

This is built with Python3 support based on Fedora patches which are 
rebased against latest upstream code.


* https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/

This is based on pure upstream sources and without Python 3.


Currently I run copr builds manually but the plan is to make it fully 
automated.


Let me know if you find it useful or if you have ideas, comments and so on.


[1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec


Thanks,

Petr

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
@ 2017-05-24 14:33 ` Dominick Grift
  2017-05-24 14:53   ` Dominick Grift
  2017-05-24 14:43 ` Paul Moore
  1 sibling, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-24 14:33 UTC (permalink / raw)
  To: SELinux

[-- Attachment #1: Type: text/plain, Size: 1604 bytes --]

On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> For the motivation see
> https://marc.info/?l=selinux&m=149435307518336&w=2

Thanks! I enabled the one with Fedora patches because i need python3 support for setools4

This should allow me to enable extended_socket_class functionality and test it.

I hope this repository will be maintained consistently so that it can be useful

> 
> I've restarted building of Fedora packages based on latest
> SELinux userspace code in Fedora COPR. Packages are built using
> the https://gitlab.com/bachradsusi/selinux-rpm project.
> 
> There is a new selinux.spec [1] file which allows to build all
> Fedora packages from one src.rpm and Makefile which makes the
> process simple.
> 
> Currently there are two COPR projects:
> 
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
> 
> This is built with Python3 support based on Fedora patches which
> are rebased against latest upstream code.
> 
> 
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/
> 
> This is based on pure upstream sources and without Python 3.
> 
> 
> Currently I run copr builds manually but the plan is to make it
> fully automated.
> 
> 
> Let me know if you find it useful or if you have ideas, comments and so on.
> 
> 
> [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec
> 
> 
> Thanks,
> 
> Petr

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
  2017-05-24 14:33 ` Dominick Grift
@ 2017-05-24 14:43 ` Paul Moore
  1 sibling, 0 replies; 8+ messages in thread
From: Paul Moore @ 2017-05-24 14:43 UTC (permalink / raw)
  To: Petr Lautrbach; +Cc: SELinux, Selinux on Fedora discussion

On Wed, May 24, 2017 at 10:22 AM, Petr Lautrbach <plautrba@redhat.com> wrote:
> For the motivation see
> https://marc.info/?l=selinux&m=149435307518336&w=2
>
> I've restarted building of Fedora packages based on latest SELinux userspace
> code in Fedora COPR. Packages are built using the
> https://gitlab.com/bachradsusi/selinux-rpm project.
>
> There is a new selinux.spec [1] file which allows to build all Fedora
> packages from one src.rpm and Makefile which makes the process simple.
>
> Currently there are two COPR projects:
>
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
>
> This is built with Python3 support based on Fedora patches which are rebased
> against latest upstream code.

Thanks Petr!

FWIW, I've been using the plautrba/selinux-fedora COPR on my test
system for the past ~week and it has been working well.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-24 14:33 ` Dominick Grift
@ 2017-05-24 14:53   ` Dominick Grift
  2017-05-24 20:40     ` Stephen Smalley
  0 siblings, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-24 14:53 UTC (permalink / raw)
  To: SELinux

[-- Attachment #1: Type: text/plain, Size: 2273 bytes --]

On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > For the motivation see
> > https://marc.info/?l=selinux&m=149435307518336&w=2
> 
> Thanks! I enabled the one with Fedora patches because i need python3 support for setools4
> 
> This should allow me to enable extended_socket_class functionality and test it.
> 
> I hope this repository will be maintained consistently so that it can be useful

I just enabled the extended_socket_class capability and in seinfo --polcap -x it currently shows up as "redhat1":

# seinfo --polcap -x

Polcap: 3
   policycap network_peer_controls;
   policycap open_perms;
   policycap redhat1;

I know the redhat1 polcap is re-used but not sure if this expected to return like that...

> 
> > 
> > I've restarted building of Fedora packages based on latest
> > SELinux userspace code in Fedora COPR. Packages are built using
> > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > 
> > There is a new selinux.spec [1] file which allows to build all
> > Fedora packages from one src.rpm and Makefile which makes the
> > process simple.
> > 
> > Currently there are two COPR projects:
> > 
> > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
> > 
> > This is built with Python3 support based on Fedora patches which
> > are rebased against latest upstream code.
> > 
> > 
> > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/
> > 
> > This is based on pure upstream sources and without Python 3.
> > 
> > 
> > Currently I run copr builds manually but the plan is to make it
> > fully automated.
> > 
> > 
> > Let me know if you find it useful or if you have ideas, comments and so on.
> > 
> > 
> > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec
> > 
> > 
> > Thanks,
> > 
> > Petr
> 
> -- 
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift



-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-24 14:53   ` Dominick Grift
@ 2017-05-24 20:40     ` Stephen Smalley
  2017-05-25  5:44       ` Dominick Grift
  0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2017-05-24 20:40 UTC (permalink / raw)
  To: Dominick Grift, SELinux

On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > For the motivation see
> > > https://marc.info/?l=selinux&m=149435307518336&w=2
> > 
> > Thanks! I enabled the one with Fedora patches because i need
> > python3 support for setools4
> > 
> > This should allow me to enable extended_socket_class functionality
> > and test it.
> > 
> > I hope this repository will be maintained consistently so that it
> > can be useful
> 
> I just enabled the extended_socket_class capability and in seinfo --
> polcap -x it currently shows up as "redhat1":
> 
> # seinfo --polcap -x
> 
> Polcap: 3
>    policycap network_peer_controls;
>    policycap open_perms;
>    policycap redhat1;
> 
> I know the redhat1 polcap is re-used but not sure if this expected to
> return like that...

Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
its own internal table of the policy capability string names?

> 
> > 
> > > 
> > > I've restarted building of Fedora packages based on latest
> > > SELinux userspace code in Fedora COPR. Packages are built using
> > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > > 
> > > There is a new selinux.spec [1] file which allows to build all
> > > Fedora packages from one src.rpm and Makefile which makes the
> > > process simple.
> > > 
> > > Currently there are two COPR projects:
> > > 
> > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > /
> > > 
> > > This is built with Python3 support based on Fedora patches which
> > > are rebased against latest upstream code.
> > > 
> > > 
> > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > xProject/
> > > 
> > > This is based on pure upstream sources and without Python 3.
> > > 
> > > 
> > > Currently I run copr builds manually but the plan is to make it
> > > fully automated.
> > > 
> > > 
> > > Let me know if you find it useful or if you have ideas, comments
> > > and so on.
> > > 
> > > 
> > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > x.spec
> > > 
> > > 
> > > Thanks,
> > > 
> > > Petr
> > 
> > -- 
> > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B
> > 6B02
> > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > B02
> > Dominick Grift
> 
> 
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-24 20:40     ` Stephen Smalley
@ 2017-05-25  5:44       ` Dominick Grift
  2017-05-25  9:40         ` Petr Lautrbach
  0 siblings, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-25  5:44 UTC (permalink / raw)
  To: SELinux

[-- Attachment #1: Type: text/plain, Size: 2940 bytes --]

On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
> On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > > For the motivation see
> > > > https://marc.info/?l=selinux&m=149435307518336&w=2
> > > 
> > > Thanks! I enabled the one with Fedora patches because i need
> > > python3 support for setools4
> > > 
> > > This should allow me to enable extended_socket_class functionality
> > > and test it.
> > > 
> > > I hope this repository will be maintained consistently so that it
> > > can be useful
> > 
> > I just enabled the extended_socket_class capability and in seinfo --
> > polcap -x it currently shows up as "redhat1":
> > 
> > # seinfo --polcap -x
> > 
> > Polcap: 3
> >    policycap network_peer_controls;
> >    policycap open_perms;
> >    policycap redhat1;
> > 
> > I know the redhat1 polcap is re-used but not sure if this expected to
> > return like that...
> 
> Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
> its own internal table of the policy capability string names?

thanks , yes thats the case (former)

> 
> > 
> > > 
> > > > 
> > > > I've restarted building of Fedora packages based on latest
> > > > SELinux userspace code in Fedora COPR. Packages are built using
> > > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > > > 
> > > > There is a new selinux.spec [1] file which allows to build all
> > > > Fedora packages from one src.rpm and Makefile which makes the
> > > > process simple.
> > > > 
> > > > Currently there are two COPR projects:
> > > > 
> > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > > /
> > > > 
> > > > This is built with Python3 support based on Fedora patches which
> > > > are rebased against latest upstream code.
> > > > 
> > > > 
> > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > > xProject/
> > > > 
> > > > This is based on pure upstream sources and without Python 3.
> > > > 
> > > > 
> > > > Currently I run copr builds manually but the plan is to make it
> > > > fully automated.
> > > > 
> > > > 
> > > > Let me know if you find it useful or if you have ideas, comments
> > > > and so on.
> > > > 
> > > > 
> > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > > x.spec
> > > > 
> > > > 
> > > > Thanks,
> > > > 
> > > > Petr
> > > 
> > > -- 
> > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B
> > > 6B02
> > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > > B02
> > > Dominick Grift
> > 
> > 
> > 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-25  5:44       ` Dominick Grift
@ 2017-05-25  9:40         ` Petr Lautrbach
  2017-05-25 10:07           ` Dominick Grift
  0 siblings, 1 reply; 8+ messages in thread
From: Petr Lautrbach @ 2017-05-25  9:40 UTC (permalink / raw)
  To: SELinux

On 05/25/2017 07:44 AM, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
>> On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
>>> On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
>>>> On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
>>>>> For the motivation see
>>>>> https://marc.info/?l=selinux&m=149435307518336&w=2
>>>>
>>>> Thanks! I enabled the one with Fedora patches because i need
>>>> python3 support for setools4
>>>>
>>>> This should allow me to enable extended_socket_class functionality
>>>> and test it.
>>>>
>>>> I hope this repository will be maintained consistently so that it
>>>> can be useful
>>>
>>> I just enabled the extended_socket_class capability and in seinfo --
>>> polcap -x it currently shows up as "redhat1":
>>>
>>> # seinfo --polcap -x
>>>
>>> Polcap: 3
>>>     policycap network_peer_controls;
>>>     policycap open_perms;
>>>     policycap redhat1;
>>>
>>> I know the redhat1 polcap is re-used but not sure if this expected to
>>> return like that...
>>
>> Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
>> its own internal table of the policy capability string names?
> 
> thanks , yes thats the case (former)

I will update scripts to rebuild setools together with selinux sources 
and provide setools builds in copr repos

> 
>>
>>>
>>>>
>>>>>
>>>>> I've restarted building of Fedora packages based on latest
>>>>> SELinux userspace code in Fedora COPR. Packages are built using
>>>>> the https://gitlab.com/bachradsusi/selinux-rpm project.
>>>>>
>>>>> There is a new selinux.spec [1] file which allows to build all
>>>>> Fedora packages from one src.rpm and Makefile which makes the
>>>>> process simple.
>>>>>
>>>>> Currently there are two COPR projects:
>>>>>
>>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
>>>>> /
>>>>>
>>>>> This is built with Python3 support based on Fedora patches which
>>>>> are rebased against latest upstream code.
>>>>>
>>>>>
>>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
>>>>> xProject/
>>>>>
>>>>> This is based on pure upstream sources and without Python 3.
>>>>>
>>>>>
>>>>> Currently I run copr builds manually but the plan is to make it
>>>>> fully automated.
>>>>>
>>>>>
>>>>> Let me know if you find it useful or if you have ideas, comments
>>>>> and so on.
>>>>>
>>>>>
>>>>> [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
>>>>> x.spec
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Petr
>>>>
>>>> -- 
>>>> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B
>>>> 6B02
>>>> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
>>>> B02
>>>> Dominick Grift
>>>
>>>
>>>
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
  2017-05-25  9:40         ` Petr Lautrbach
@ 2017-05-25 10:07           ` Dominick Grift
  0 siblings, 0 replies; 8+ messages in thread
From: Dominick Grift @ 2017-05-25 10:07 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 3550 bytes --]

On Thu, May 25, 2017 at 11:40:49AM +0200, Petr Lautrbach wrote:
> On 05/25/2017 07:44 AM, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
> > > On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> > > > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > > > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > > > > For the motivation see
> > > > > > https://marc.info/?l=selinux&m=149435307518336&w=2
> > > > > 
> > > > > Thanks! I enabled the one with Fedora patches because i need
> > > > > python3 support for setools4
> > > > > 
> > > > > This should allow me to enable extended_socket_class functionality
> > > > > and test it.
> > > > > 
> > > > > I hope this repository will be maintained consistently so that it
> > > > > can be useful
> > > > 
> > > > I just enabled the extended_socket_class capability and in seinfo --
> > > > polcap -x it currently shows up as "redhat1":
> > > > 
> > > > # seinfo --polcap -x
> > > > 
> > > > Polcap: 3
> > > >     policycap network_peer_controls;
> > > >     policycap open_perms;
> > > >     policycap redhat1;
> > > > 
> > > > I know the redhat1 polcap is re-used but not sure if this expected to
> > > > return like that...
> > > 
> > > Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
> > > its own internal table of the policy capability string names?
> > 
> > thanks , yes thats the case (former)
> 
> I will update scripts to rebuild setools together with selinux sources and
> provide setools builds in copr repos

Thank you
> 
> > 
> > > 
> > > > 
> > > > > 
> > > > > > 
> > > > > > I've restarted building of Fedora packages based on latest
> > > > > > SELinux userspace code in Fedora COPR. Packages are built using
> > > > > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > > > > > 
> > > > > > There is a new selinux.spec [1] file which allows to build all
> > > > > > Fedora packages from one src.rpm and Makefile which makes the
> > > > > > process simple.
> > > > > > 
> > > > > > Currently there are two COPR projects:
> > > > > > 
> > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > > > > /
> > > > > > 
> > > > > > This is built with Python3 support based on Fedora patches which
> > > > > > are rebased against latest upstream code.
> > > > > > 
> > > > > > 
> > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > > > > xProject/
> > > > > > 
> > > > > > This is based on pure upstream sources and without Python 3.
> > > > > > 
> > > > > > 
> > > > > > Currently I run copr builds manually but the plan is to make it
> > > > > > fully automated.
> > > > > > 
> > > > > > 
> > > > > > Let me know if you find it useful or if you have ideas, comments
> > > > > > and so on.
> > > > > > 
> > > > > > 
> > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > > > > x.spec
> > > > > > 
> > > > > > 
> > > > > > Thanks,
> > > > > > 
> > > > > > Petr
> > > > > 
> > > > > -- 
> > > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B
> > > > > 6B02
> > > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > > > > B02
> > > > > Dominick Grift
> > > > 
> > > > 
> > > > 
> > 
> 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-05-25 10:07 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
2017-05-24 14:33 ` Dominick Grift
2017-05-24 14:53   ` Dominick Grift
2017-05-24 20:40     ` Stephen Smalley
2017-05-25  5:44       ` Dominick Grift
2017-05-25  9:40         ` Petr Lautrbach
2017-05-25 10:07           ` Dominick Grift
2017-05-24 14:43 ` Paul Moore

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.