From: lvrabec@redhat.com (Lukas Vrabec)
Date: Mon, 12 Mar 2018 12:36:27 +0100
Subject: [refpolicy] Rebasing fedora selinux-policy with refpolicy
 upstream
In-Reply-To: <72cde042-debd-0145-ecc4-790d84783ab7@ieee.org>
References: <8aaf5b27-9bb7-ae2e-4864-44cfef01d48e@redhat.com>
	<72cde042-debd-0145-ecc4-790d84783ab7@ieee.org>
Message-ID: <46d0c7c3-09e6-6986-12d0-03eb5bcce4e9@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/09/2018 11:24 PM, Chris PeBenito wrote:
> On 03/09/2018 04:16 AM, Lukas Vrabec via refpolicy wrote:
>> As a maintainer of SELinux distribution policy for Fedora, I would like
>> to start with rebasing SELinux modules with upstream refpolicy.
>>
>> Unfortunately refpolicy and fedora selinux-policy quite diverged
>> during the time. Do the full rebase will be probably really messy
>> action. I prefer start with smaller modules from contrib branch/repo.
>>
>> However I have few questions here. SELinux policy in Fedora cover more
>> setups then refpolicy (contain more allow/generic rules). I'll merge
>> allow rules from refpolicy which are missing in Fedora selinux-policy,
>> but would you like to see allow rules from fedora selinux-policy in
>> refpolicy upstream? Lot of these rules could be Fedora/RHEL specific.
>> Should I start sending patches and you will decide which
>> should be merged?
> 
> I have not looked at the Fedora policy in some time, so I don't know of
> anything specific that would be problematic.? My suggestion would be to
> start with small changes in contrib that will hopefully not be contentious.
> 

Understand, I'll start with rebasing small SELinux modules.

Thanks,
Lukas.

-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20180312/470a0d9b/attachment.bin