* Fedora COPR repositories with builds of latest code
@ 2017-05-24 14:22 Petr Lautrbach
2017-05-24 14:33 ` Dominick Grift
2017-05-24 14:43 ` Paul Moore
0 siblings, 2 replies; 8+ messages in thread
From: Petr Lautrbach @ 2017-05-24 14:22 UTC (permalink / raw)
To: SELinux, Selinux on Fedora discussion
For the motivation see
https://marc.info/?l=selinux&m=149435307518336&w=2
I've restarted building of Fedora packages based on latest SELinux
userspace code in Fedora COPR. Packages are built using the
https://gitlab.com/bachradsusi/selinux-rpm project.
There is a new selinux.spec [1] file which allows to build all Fedora
packages from one src.rpm and Makefile which makes the process simple.
Currently there are two COPR projects:
* https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
This is built with Python3 support based on Fedora patches which are
rebased against latest upstream code.
* https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/
This is based on pure upstream sources and without Python 3.
Currently I run copr builds manually but the plan is to make it fully
automated.
Let me know if you find it useful or if you have ideas, comments and so on.
[1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec
Thanks,
Petr
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
@ 2017-05-24 14:33 ` Dominick Grift
2017-05-24 14:53 ` Dominick Grift
2017-05-24 14:43 ` Paul Moore
1 sibling, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-24 14:33 UTC (permalink / raw)
To: SELinux
[-- Attachment #1: Type: text/plain, Size: 1604 bytes --]
On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> For the motivation see
> https://marc.info/?l=selinux&m=149435307518336&w=2
Thanks! I enabled the one with Fedora patches because i need python3 support for setools4
This should allow me to enable extended_socket_class functionality and test it.
I hope this repository will be maintained consistently so that it can be useful
>
> I've restarted building of Fedora packages based on latest
> SELinux userspace code in Fedora COPR. Packages are built using
> the https://gitlab.com/bachradsusi/selinux-rpm project.
>
> There is a new selinux.spec [1] file which allows to build all
> Fedora packages from one src.rpm and Makefile which makes the
> process simple.
>
> Currently there are two COPR projects:
>
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
>
> This is built with Python3 support based on Fedora patches which
> are rebased against latest upstream code.
>
>
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/
>
> This is based on pure upstream sources and without Python 3.
>
>
> Currently I run copr builds manually but the plan is to make it
> fully automated.
>
>
> Let me know if you find it useful or if you have ideas, comments and so on.
>
>
> [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec
>
>
> Thanks,
>
> Petr
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
2017-05-24 14:33 ` Dominick Grift
@ 2017-05-24 14:43 ` Paul Moore
1 sibling, 0 replies; 8+ messages in thread
From: Paul Moore @ 2017-05-24 14:43 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: SELinux, Selinux on Fedora discussion
On Wed, May 24, 2017 at 10:22 AM, Petr Lautrbach <plautrba@redhat.com> wrote:
> For the motivation see
> https://marc.info/?l=selinux&m=149435307518336&w=2
>
> I've restarted building of Fedora packages based on latest SELinux userspace
> code in Fedora COPR. Packages are built using the
> https://gitlab.com/bachradsusi/selinux-rpm project.
>
> There is a new selinux.spec [1] file which allows to build all Fedora
> packages from one src.rpm and Makefile which makes the process simple.
>
> Currently there are two COPR projects:
>
> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
>
> This is built with Python3 support based on Fedora patches which are rebased
> against latest upstream code.
Thanks Petr!
FWIW, I've been using the plautrba/selinux-fedora COPR on my test
system for the past ~week and it has been working well.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-24 14:33 ` Dominick Grift
@ 2017-05-24 14:53 ` Dominick Grift
2017-05-24 20:40 ` Stephen Smalley
0 siblings, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-24 14:53 UTC (permalink / raw)
To: SELinux
[-- Attachment #1: Type: text/plain, Size: 2273 bytes --]
On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > For the motivation see
> > https://marc.info/?l=selinux&m=149435307518336&w=2
>
> Thanks! I enabled the one with Fedora patches because i need python3 support for setools4
>
> This should allow me to enable extended_socket_class functionality and test it.
>
> I hope this repository will be maintained consistently so that it can be useful
I just enabled the extended_socket_class capability and in seinfo --polcap -x it currently shows up as "redhat1":
# seinfo --polcap -x
Polcap: 3
policycap network_peer_controls;
policycap open_perms;
policycap redhat1;
I know the redhat1 polcap is re-used but not sure if this expected to return like that...
>
> >
> > I've restarted building of Fedora packages based on latest
> > SELinux userspace code in Fedora COPR. Packages are built using
> > the https://gitlab.com/bachradsusi/selinux-rpm project.
> >
> > There is a new selinux.spec [1] file which allows to build all
> > Fedora packages from one src.rpm and Makefile which makes the
> > process simple.
> >
> > Currently there are two COPR projects:
> >
> > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/
> >
> > This is built with Python3 support based on Fedora patches which
> > are rebased against latest upstream code.
> >
> >
> > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinuxProject/
> >
> > This is based on pure upstream sources and without Python 3.
> >
> >
> > Currently I run copr builds manually but the plan is to make it
> > fully automated.
> >
> >
> > Let me know if you find it useful or if you have ideas, comments and so on.
> >
> >
> > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinux.spec
> >
> >
> > Thanks,
> >
> > Petr
>
> --
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-24 14:53 ` Dominick Grift
@ 2017-05-24 20:40 ` Stephen Smalley
2017-05-25 5:44 ` Dominick Grift
0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2017-05-24 20:40 UTC (permalink / raw)
To: Dominick Grift, SELinux
On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > For the motivation see
> > > https://marc.info/?l=selinux&m=149435307518336&w=2
> >
> > Thanks! I enabled the one with Fedora patches because i need
> > python3 support for setools4
> >
> > This should allow me to enable extended_socket_class functionality
> > and test it.
> >
> > I hope this repository will be maintained consistently so that it
> > can be useful
>
> I just enabled the extended_socket_class capability and in seinfo --
> polcap -x it currently shows up as "redhat1":
>
> # seinfo --polcap -x
>
> Polcap: 3
> policycap network_peer_controls;
> policycap open_perms;
> policycap redhat1;
>
> I know the redhat1 polcap is re-used but not sure if this expected to
> return like that...
Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
its own internal table of the policy capability string names?
>
> >
> > >
> > > I've restarted building of Fedora packages based on latest
> > > SELinux userspace code in Fedora COPR. Packages are built using
> > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > >
> > > There is a new selinux.spec [1] file which allows to build all
> > > Fedora packages from one src.rpm and Makefile which makes the
> > > process simple.
> > >
> > > Currently there are two COPR projects:
> > >
> > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > /
> > >
> > > This is built with Python3 support based on Fedora patches which
> > > are rebased against latest upstream code.
> > >
> > >
> > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > xProject/
> > >
> > > This is based on pure upstream sources and without Python 3.
> > >
> > >
> > > Currently I run copr builds manually but the plan is to make it
> > > fully automated.
> > >
> > >
> > > Let me know if you find it useful or if you have ideas, comments
> > > and so on.
> > >
> > >
> > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > x.spec
> > >
> > >
> > > Thanks,
> > >
> > > Petr
> >
> > --
> > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B
> > 6B02
> > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > B02
> > Dominick Grift
>
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-24 20:40 ` Stephen Smalley
@ 2017-05-25 5:44 ` Dominick Grift
2017-05-25 9:40 ` Petr Lautrbach
0 siblings, 1 reply; 8+ messages in thread
From: Dominick Grift @ 2017-05-25 5:44 UTC (permalink / raw)
To: SELinux
[-- Attachment #1: Type: text/plain, Size: 2940 bytes --]
On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
> On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > > For the motivation see
> > > > https://marc.info/?l=selinux&m=149435307518336&w=2
> > >
> > > Thanks! I enabled the one with Fedora patches because i need
> > > python3 support for setools4
> > >
> > > This should allow me to enable extended_socket_class functionality
> > > and test it.
> > >
> > > I hope this repository will be maintained consistently so that it
> > > can be useful
> >
> > I just enabled the extended_socket_class capability and in seinfo --
> > polcap -x it currently shows up as "redhat1":
> >
> > # seinfo --polcap -x
> >
> > Polcap: 3
> > policycap network_peer_controls;
> > policycap open_perms;
> > policycap redhat1;
> >
> > I know the redhat1 polcap is re-used but not sure if this expected to
> > return like that...
>
> Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
> its own internal table of the policy capability string names?
thanks , yes thats the case (former)
>
> >
> > >
> > > >
> > > > I've restarted building of Fedora packages based on latest
> > > > SELinux userspace code in Fedora COPR. Packages are built using
> > > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > > >
> > > > There is a new selinux.spec [1] file which allows to build all
> > > > Fedora packages from one src.rpm and Makefile which makes the
> > > > process simple.
> > > >
> > > > Currently there are two COPR projects:
> > > >
> > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > > /
> > > >
> > > > This is built with Python3 support based on Fedora patches which
> > > > are rebased against latest upstream code.
> > > >
> > > >
> > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > > xProject/
> > > >
> > > > This is based on pure upstream sources and without Python 3.
> > > >
> > > >
> > > > Currently I run copr builds manually but the plan is to make it
> > > > fully automated.
> > > >
> > > >
> > > > Let me know if you find it useful or if you have ideas, comments
> > > > and so on.
> > > >
> > > >
> > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > > x.spec
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Petr
> > >
> > > --
> > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B
> > > 6B02
> > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > > B02
> > > Dominick Grift
> >
> >
> >
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-25 5:44 ` Dominick Grift
@ 2017-05-25 9:40 ` Petr Lautrbach
2017-05-25 10:07 ` Dominick Grift
0 siblings, 1 reply; 8+ messages in thread
From: Petr Lautrbach @ 2017-05-25 9:40 UTC (permalink / raw)
To: SELinux
On 05/25/2017 07:44 AM, Dominick Grift wrote:
> On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
>> On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
>>> On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
>>>> On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
>>>>> For the motivation see
>>>>> https://marc.info/?l=selinux&m=149435307518336&w=2
>>>>
>>>> Thanks! I enabled the one with Fedora patches because i need
>>>> python3 support for setools4
>>>>
>>>> This should allow me to enable extended_socket_class functionality
>>>> and test it.
>>>>
>>>> I hope this repository will be maintained consistently so that it
>>>> can be useful
>>>
>>> I just enabled the extended_socket_class capability and in seinfo --
>>> polcap -x it currently shows up as "redhat1":
>>>
>>> # seinfo --polcap -x
>>>
>>> Polcap: 3
>>> policycap network_peer_controls;
>>> policycap open_perms;
>>> policycap redhat1;
>>>
>>> I know the redhat1 polcap is re-used but not sure if this expected to
>>> return like that...
>>
>> Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
>> its own internal table of the policy capability string names?
>
> thanks , yes thats the case (former)
I will update scripts to rebuild setools together with selinux sources
and provide setools builds in copr repos
>
>>
>>>
>>>>
>>>>>
>>>>> I've restarted building of Fedora packages based on latest
>>>>> SELinux userspace code in Fedora COPR. Packages are built using
>>>>> the https://gitlab.com/bachradsusi/selinux-rpm project.
>>>>>
>>>>> There is a new selinux.spec [1] file which allows to build all
>>>>> Fedora packages from one src.rpm and Makefile which makes the
>>>>> process simple.
>>>>>
>>>>> Currently there are two COPR projects:
>>>>>
>>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
>>>>> /
>>>>>
>>>>> This is built with Python3 support based on Fedora patches which
>>>>> are rebased against latest upstream code.
>>>>>
>>>>>
>>>>> * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
>>>>> xProject/
>>>>>
>>>>> This is based on pure upstream sources and without Python 3.
>>>>>
>>>>>
>>>>> Currently I run copr builds manually but the plan is to make it
>>>>> fully automated.
>>>>>
>>>>>
>>>>> Let me know if you find it useful or if you have ideas, comments
>>>>> and so on.
>>>>>
>>>>>
>>>>> [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
>>>>> x.spec
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Petr
>>>>
>>>> --
>>>> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B
>>>> 6B02
>>>> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
>>>> B02
>>>> Dominick Grift
>>>
>>>
>>>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Fedora COPR repositories with builds of latest code
2017-05-25 9:40 ` Petr Lautrbach
@ 2017-05-25 10:07 ` Dominick Grift
0 siblings, 0 replies; 8+ messages in thread
From: Dominick Grift @ 2017-05-25 10:07 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 3550 bytes --]
On Thu, May 25, 2017 at 11:40:49AM +0200, Petr Lautrbach wrote:
> On 05/25/2017 07:44 AM, Dominick Grift wrote:
> > On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
> > > On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
> > > > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
> > > > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote:
> > > > > > For the motivation see
> > > > > > https://marc.info/?l=selinux&m=149435307518336&w=2
> > > > >
> > > > > Thanks! I enabled the one with Fedora patches because i need
> > > > > python3 support for setools4
> > > > >
> > > > > This should allow me to enable extended_socket_class functionality
> > > > > and test it.
> > > > >
> > > > > I hope this repository will be maintained consistently so that it
> > > > > can be useful
> > > >
> > > > I just enabled the extended_socket_class capability and in seinfo --
> > > > polcap -x it currently shows up as "redhat1":
> > > >
> > > > # seinfo --polcap -x
> > > >
> > > > Polcap: 3
> > > > policycap network_peer_controls;
> > > > policycap open_perms;
> > > > policycap redhat1;
> > > >
> > > > I know the redhat1 polcap is re-used but not sure if this expected to
> > > > return like that...
> > >
> > > Maybe setools4 hasn't been rebuilt to use the updated libsepol, or has
> > > its own internal table of the policy capability string names?
> >
> > thanks , yes thats the case (former)
>
> I will update scripts to rebuild setools together with selinux sources and
> provide setools builds in copr repos
Thank you
>
> >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > I've restarted building of Fedora packages based on latest
> > > > > > SELinux userspace code in Fedora COPR. Packages are built using
> > > > > > the https://gitlab.com/bachradsusi/selinux-rpm project.
> > > > > >
> > > > > > There is a new selinux.spec [1] file which allows to build all
> > > > > > Fedora packages from one src.rpm and Makefile which makes the
> > > > > > process simple.
> > > > > >
> > > > > > Currently there are two COPR projects:
> > > > > >
> > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora
> > > > > > /
> > > > > >
> > > > > > This is built with Python3 support based on Fedora patches which
> > > > > > are rebased against latest upstream code.
> > > > > >
> > > > > >
> > > > > > * https://copr.fedorainfracloud.org/coprs/plautrba/selinux-SELinu
> > > > > > xProject/
> > > > > >
> > > > > > This is based on pure upstream sources and without Python 3.
> > > > > >
> > > > > >
> > > > > > Currently I run copr builds manually but the plan is to make it
> > > > > > fully automated.
> > > > > >
> > > > > >
> > > > > > Let me know if you find it useful or if you have ideas, comments
> > > > > > and so on.
> > > > > >
> > > > > >
> > > > > > [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/selinu
> > > > > > x.spec
> > > > > >
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Petr
> > > > >
> > > > > --
> > > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B
> > > > > 6B02
> > > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6
> > > > > B02
> > > > > Dominick Grift
> > > >
> > > >
> > > >
> >
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-05-25 10:07 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-24 14:22 Fedora COPR repositories with builds of latest code Petr Lautrbach
2017-05-24 14:33 ` Dominick Grift
2017-05-24 14:53 ` Dominick Grift
2017-05-24 20:40 ` Stephen Smalley
2017-05-25 5:44 ` Dominick Grift
2017-05-25 9:40 ` Petr Lautrbach
2017-05-25 10:07 ` Dominick Grift
2017-05-24 14:43 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.