From: Jag Raman <jag.raman@oracle.com>
To: refpolicy <selinux-refpolicy@vger.kernel.org>,
selinux-refpolicy@vger.kernel.org
Cc: Chris PeBenito <pebenito@ieee.org>
Subject: Re: Testing changes to "refpolicy"
Date: Tue, 9 Apr 2019 11:58:28 -0400 [thread overview]
Message-ID: <a30c598d-74e0-f3c2-7295-9ac3b1de0947@oracle.com> (raw)
In-Reply-To: <bedcd7c2-1dce-0612-ef38-24bf6aeaaf73@ieee.org>
On 4/9/2019 8:02 AM, Chris PeBenito wrote:
> On 4/8/19 11:05 AM, Jag Raman wrote:
>> Hi,
>>
>> I need some help with testing "refpolicy".
>>
>> I'm able to install and load the refpolicy. But I'm unable
>> to switch to "enforcing" mode because the OS (Fedora29)
>> hangs due to missing policies.
>>
>> What distro of Linux are we expected to use for testing it?
>>
>> Are there any patches that should be applied on top of it?
>> If so where could it be found? I'm trying to find out how
>> you test changes to the refpolicy.
>>
>> Thank you very much!
>
Hi Chris,
Thanks for your response.
> Please note the new refpolicy list. [1]
Sorry about this. I've subscribed to the new list, and added it to this
email.
>
> There is no official distro for testing. It does support customizations
> for various distributions (DISTRO build option), but that also depends
> on how much of the distro's customizations are upstreamed.
I tried setting the "DISTRO" build option to "redhat", and tested on
Fedora. But it looks like "refpolicy" customizations are not upstream
for Fedora. It could be because RedHat is maintaining a separate set of
patches [2] that apply on top of an older version (RELEASE_2_20130424)
of SELinux refpolicy.
Do you know of any distro whose customizations are upstream?
[2] https://git.centos.org/summary/?r=rpms/selinux-policy.git
Thanks!
--
Jag
>
> [1] http://vger.kernel.org/vger-lists.html#selinux-refpolicy
>
next prev parent reply other threads:[~2019-04-09 15:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fb70d47d-abb5-7dfd-e0c1-bc8eca28cba8@oracle.com>
2019-04-09 12:02 ` Testing changes to "refpolicy" Chris PeBenito
2019-04-09 15:58 ` Jag Raman [this message]
2019-04-10 0:59 ` Russell Coker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a30c598d-74e0-f3c2-7295-9ac3b1de0947@oracle.com \
--to=jag.raman@oracle.com \
--cc=pebenito@ieee.org \
--cc=selinux-refpolicy@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).