From: pebenito@ieee.org (Chris PeBenito) Date: Fri, 9 Mar 2018 17:24:14 -0500 Subject: [refpolicy] Rebasing fedora selinux-policy with refpolicy upstream In-Reply-To: <8aaf5b27-9bb7-ae2e-4864-44cfef01d48e@redhat.com> References: <8aaf5b27-9bb7-ae2e-4864-44cfef01d48e@redhat.com> Message-ID: <72cde042-debd-0145-ecc4-790d84783ab7@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/09/2018 04:16 AM, Lukas Vrabec via refpolicy wrote: > As a maintainer of SELinux distribution policy for Fedora, I would like > to start with rebasing SELinux modules with upstream refpolicy. > > Unfortunately refpolicy and fedora selinux-policy quite diverged > during the time. Do the full rebase will be probably really messy > action. I prefer start with smaller modules from contrib branch/repo. > > However I have few questions here. SELinux policy in Fedora cover more > setups then refpolicy (contain more allow/generic rules). I'll merge > allow rules from refpolicy which are missing in Fedora selinux-policy, > but would you like to see allow rules from fedora selinux-policy in > refpolicy upstream? Lot of these rules could be Fedora/RHEL specific. > Should I start sending patches and you will decide which > should be merged? I have not looked at the Fedora policy in some time, so I don't know of anything specific that would be problematic. My suggestion would be to start with small changes in contrib that will hopefully not be contentious. -- Chris PeBenito