|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
## Purpose
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
58fb34f |
SELinux Fedora Policy is a fork of the [SELinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
## Structure
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
### GitHub
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
5487666 |
On GitHub, we have one repository containing the policy sources.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
$ cd selinux-policy
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
$ git remote -v
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
$ git branch -r
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin/HEAD -> origin/master
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin/f27
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin/f28
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin/master
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
origin/rawhide
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
5487666 |
Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
### dist-git
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
58fb34f |
Package sources in dist-git are composed from the _selinux-policy_ repository snapshot tarball, _container-selinux_ policy files snapshot, the _macro-expander_ script snapshot, and from other config files.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
## Build process
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository.
|
|
![](https://seccdn.libravatar.org/avatar/aa000ecdbab445daa4b9a0eae9cb38af8c68665d39a9da586a6fc6804e2cc448?s=16&d=retro) |
fe20768 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ cd ~/devel/github
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ cd selinux-policy
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
58fb34f |
2. Create, backport, or cherry-pick needed changes to a particular branch and push them.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
5487666 |
3. Clone the **selinux-policy** dist-git repository.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ cd ~/devel/dist-git
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ fedpkg clone selinux-policy
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ cd selinux-policy
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
58fb34f |
4. Download the latest snapshot from the selinux-policy GitHub repository.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
$ ./make-rhat-patches.sh
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
58fb34f |
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit, and push.
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
5487666 |
6. Build the package.
|
|
![](https://seccdn.libravatar.org/avatar/8f569d3e2afbd4b7398c9345b55bc19618a80520008ea4896d95981831a9089f?s=16&d=retro) |
cb2fee8 |
|
|
![](https://seccdn.libravatar.org/avatar/4d04624359573e2b0c7cbadd0b29ed348b7bc9ee5235bfc3107aa0e4f4f2ae72?s=16&d=retro) |
aebc05f |
$ fedpkg build
|