Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B60EC282CE for ; Wed, 10 Apr 2019 01:00:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 32B3620874 for ; Wed, 10 Apr 2019 01:00:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="Gu4CXBWq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726676AbfDJBAB (ORCPT ); Tue, 9 Apr 2019 21:00:01 -0400 Received: from smtp.sws.net.au ([46.4.88.250]:45806 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726580AbfDJBAA (ORCPT ); Tue, 9 Apr 2019 21:00:00 -0400 Received: from liv.localnet (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id 92412EE62; Wed, 10 Apr 2019 10:59:56 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1554857998; bh=wg0sY3TomiGrzehNlIHziFNeSQfJGejfRk3GiIxSR+8=; l=1427; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Gu4CXBWqVqA40BZezAyTwCSn6rQVQFX9r2ebNwiGtUDzo77Rpcj/w9nfMclQUD56W jjMJW53tKdRYwfGRk3a3QOuCqlQbalVq+K4dyqWVUhTdbUnVMIofyqU3PKPEHwFfcq pHjvjbWD9kYRlnbRna325theK7SDoflZ6j/45NrY= From: Russell Coker To: Jag Raman Cc: refpolicy , Chris PeBenito Subject: Re: Testing changes to "refpolicy" Date: Wed, 10 Apr 2019 10:59:50 +1000 Message-ID: <4547019.OKaXWVSkba@liv> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On Wednesday, 10 April 2019 1:58:28 AM AEST Jag Raman wrote: > > There is no official distro for testing. It does support customizations > > for various distributions (DISTRO build option), but that also depends > > on how much of the distro's customizations are upstreamed. > > I tried setting the "DISTRO" build option to "redhat", and tested on > Fedora. But it looks like "refpolicy" customizations are not upstream > for Fedora. It could be because RedHat is maintaining a separate set of > patches [2] that apply on top of an older version (RELEASE_2_20130424) > of SELinux refpolicy. > > Do you know of any distro whose customizations are upstream? The vast majority of Debian patches are upstreamed. A couple of months ago I submitted a lot of patches to get the Debian policy very close to upstream, the differences at that time were mostly things that upstream didn't agree with. Since that time there have been more changes and one particularly noteworthy thing is that there's been a new release of systemd that needs some changes. I plan to have all the patches needed for that submitted upstream soon. If you run Debian/Testing with the upstream policy there is about 10 minutes work needed to get it all going properly. If you find it more difficult than that then let me know and I'll fix it. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/