Hi,
I'm new to this email list. I'm wondering if it's possible to contribute to Fedora's SELinux policy.
We are developing "multi-process" QEMU, which dis-aggregates emulated devices into separate processes. We are also developing SELinux policies to confine the dis-aggregated processes to the resources they need.
We would like to contribute to Fedora's SELinux policy as it appears to be the upstream for similar distros like RHEL, CentOS, etc...
Could you please confirm how we could go about contributing to Fedora's SELinux policy? Is there a publicly accessible repo. where we could contribute?
Thanks! -- Jag
"JR" == Jag Raman jag.raman@oracle.com writes:
JR> Could you please confirm how we could go about contributing to JR> Fedora's SELinux policy? Is there a publicly accessible repo. where JR> we could contribute?
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
"JR" == Jag Raman jag.raman@oracle.com writes:
JR> Could you please confirm how we could go about contributing to JR> Fedora's SELinux policy? Is there a publicly accessible repo. where JR> we could contribute?
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
On Apr 24, 2019, at 7:11 AM, Lukas Vrabec lvrabec@redhat.com wrote:
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
> "JR" == Jag Raman jag.raman@oracle.com writes:
JR> Could you please confirm how we could go about contributing to JR> Fedora's SELinux policy? Is there a publicly accessible repo. where JR> we could contribute?
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Thank you very much Jason & Lukas.
I’m trying to build the policy. After cloning the “selinux-policy" repo., we need to execute “.travis.yml” to setup the “contrib” folder. Is that correct?
Thanks! — Jag
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
-- Lukas Vrabec Senior Software Engineer, Security Technologies Red Hat, Inc.
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
On 4/24/2019 10:24 AM, Jag Raman wrote:
On Apr 24, 2019, at 7:11 AM, Lukas Vrabec lvrabec@redhat.com wrote:
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Thank you very much Jason & Lukas.
I’m trying to build the policy. After cloning the “selinux-policy" repo., we need to execute “.travis.yml” to setup the “contrib” folder. Is that correct?
I'm facing some build issues, and would like to confirm that the following steps I'm following to build the policy are correct.
# git clone https://github.com/containers/container-selinux.git # rm -rf selinux-policy/policy/modules/contrib # git clone https://github.com/fedora-selinux/selinux-policy-contrib.git selinux-policy/policy/modules/contrib; # git clone https://github.com/containers/container-selinux.git # cp container-selinux/container.* selinux-policy/policy/modules/contrib; # cd selinux-policy # make conf # make policy
One of the issues I'm facing is that "djbdns.te" is passing an attribute (djbdns_domain) as argument to the interface "corenet_all_recvfrom_unlabeled". That doesn't seem correct, and therefore wondering if we're even supposed to build policy for djbdns.
Could someone kindly confirm the steps to build the Fedora selinux-policy with "contrib"s.
Thanks! -- Jag
Thanks! — Jag
On 4/26/19 6:01 PM, Jag Raman wrote:
On 4/24/2019 10:24 AM, Jag Raman wrote:
On Apr 24, 2019, at 7:11 AM, Lukas Vrabec lvrabec@redhat.com wrote:
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Thank you very much Jason & Lukas.
I’m trying to build the policy. After cloning the “selinux-policy" repo., we need to execute “.travis.yml” to setup the “contrib” folder. Is that correct?
There is no need to execute travis.yml, this file is for CI. It's enough to clone contrib repo to selinux base repo.
I'm facing some build issues, and would like to confirm that the following steps I'm following to build the policy are correct.
# git clone https://github.com/containers/container-selinux.git # rm -rf selinux-policy/policy/modules/contrib # git clone https://github.com/fedora-selinux/selinux-policy-contrib.git selinux-policy/policy/modules/contrib; # git clone https://github.com/containers/container-selinux.git # cp container-selinux/container.* selinux-policy/policy/modules/contrib; # cd selinux-policy # make conf # make policy
Are you following this process? https://github.com/fedora-selinux/selinux-policy/wiki/Compiling
One of the issues I'm facing is that "djbdns.te" is passing an attribute (djbdns_domain) as argument to the interface "corenet_all_recvfrom_unlabeled". That doesn't seem correct, and therefore wondering if we're even supposed to build policy for djbdns.
Could someone kindly confirm the steps to build the Fedora selinux-policy
with "contrib"s.
The best way would be create own rpm package with updates SELinux policy, then you can install it to your system: https://github.com/fedora-selinux/selinux-policy/wiki/Packaging
Thanks, Lukas.
Thanks!
Jag
Thanks! — Jag
On 4/29/2019 8:33 AM, Lukas Vrabec wrote:
On 4/26/19 6:01 PM, Jag Raman wrote:
On 4/24/2019 10:24 AM, Jag Raman wrote:
On Apr 24, 2019, at 7:11 AM, Lukas Vrabec lvrabec@redhat.com wrote:
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Thank you very much Jason & Lukas.
I’m trying to build the policy. After cloning the “selinux-policy" repo., we need to execute “.travis.yml” to setup the “contrib” folder. Is that correct?
There is no need to execute travis.yml, this file is for CI. It's enough to clone contrib repo to selinux base repo.
I'm facing some build issues, and would like to confirm that the following steps I'm following to build the policy are correct.
# git clone https://github.com/containers/container-selinux.git # rm -rf selinux-policy/policy/modules/contrib # git clone https://github.com/fedora-selinux/selinux-policy-contrib.git selinux-policy/policy/modules/contrib; # git clone https://github.com/containers/container-selinux.git # cp container-selinux/container.* selinux-policy/policy/modules/contrib; # cd selinux-policy # make conf # make policy
Are you following this process? https://github.com/fedora-selinux/selinux-policy/wiki/Compiling
Thank you very much for the wiki.
I was executing "make conf; make policy", which appears to be a mistake. Running "make policy" alone works. It looks like the conf. is distributed as part of the repo.
Thanks for the help! -- Jag
One of the issues I'm facing is that "djbdns.te" is passing an attribute (djbdns_domain) as argument to the interface "corenet_all_recvfrom_unlabeled". That doesn't seem correct, and therefore wondering if we're even supposed to build policy for djbdns.
Could someone kindly confirm the steps to build the Fedora selinux-policy
with "contrib"s.
The best way would be create own rpm package with updates SELinux policy, then you can install it to your system: https://github.com/fedora-selinux/selinux-policy/wiki/Packaging
Thanks, Lukas.
Thanks!
Jag
Thanks! — Jag
On 4/29/19 5:22 PM, Jag Raman wrote:
On 4/29/2019 8:33 AM, Lukas Vrabec wrote:
On 4/26/19 6:01 PM, Jag Raman wrote:
On 4/24/2019 10:24 AM, Jag Raman wrote:
On Apr 24, 2019, at 7:11 AM, Lukas Vrabec lvrabec@redhat.com wrote:
Agree with Jason,
Feel free to contribute, we'll be more than glad ;)
Thanks, Lukas.
On 4/23/19 11:35 PM, Jason L Tibbitts III wrote:
The selinux-policy RPM references the repository:
URL : https://github.com/fedora-selinux/selinux-policy
There are several projects under https://github.com/fedora-selinux which might interest you. I see that pull requests are being merged so that seems a reasonable way to contribute.
- J<
Thank you very much Jason & Lukas.
I’m trying to build the policy. After cloning the “selinux-policy" repo., we need to execute “.travis.yml” to setup the “contrib” folder. Is that correct?
There is no need to execute travis.yml, this file is for CI. It's enough to clone contrib repo to selinux base repo.
I'm facing some build issues, and would like to confirm that the following steps I'm following to build the policy are correct.
# git clone https://github.com/containers/container-selinux.git # rm -rf selinux-policy/policy/modules/contrib # git clone https://github.com/fedora-selinux/selinux-policy-contrib.git selinux-policy/policy/modules/contrib; # git clone https://github.com/containers/container-selinux.git # cp container-selinux/container.* selinux-policy/policy/modules/contrib; # cd selinux-policy # make conf # make policy
Are you following this process? https://github.com/fedora-selinux/selinux-policy/wiki/Compiling
Thank you very much for the wiki.
I was executing "make conf; make policy", which appears to be a mistake. Running "make policy" alone works. It looks like the conf. is distributed as part of the repo.
Thanks for the help!
You're welcome ;)
Looking forward for patches.
Lukas.
--
Jag
One of the issues I'm facing is that "djbdns.te" is passing an attribute (djbdns_domain) as argument to the interface "corenet_all_recvfrom_unlabeled". That doesn't seem correct, and therefore wondering if we're even supposed to build policy for djbdns.
Could someone kindly confirm the steps to build the Fedora selinux-policy
with "contrib"s.
The best way would be create own rpm package with updates SELinux policy, then you can install it to your system: https://github.com/fedora-selinux/selinux-policy/wiki/Packaging
Thanks, Lukas.
Thanks! -- Jag
Thanks! — Jag
selinux@lists.fedoraproject.org
-
Jag Raman -
Jason L Tibbitts III -
Lukas Vrabec