Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux RPM - set selinuxtype to targeted #242

Merged
merged 1 commit into from
Apr 17, 2023
Merged

SELinux RPM - set selinuxtype to targeted #242

merged 1 commit into from
Apr 17, 2023

Conversation

ygalblum
Copy link
Contributor

The policy installation command in the post step uses this global without setting it. As a result, the policy does not get installed

@ygalblum
SELinux RPM - set selinuxtype to targeted
7fae911 
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
@ygalblum
Copy link
Contributor Author

The definition of selinux_modules_install: https://github.com/fedora-selinux/selinux-policy-macros/blob/master/macros.selinux-policy#L48

@ygalblum
Copy link
Contributor Author

@rhatdan PTAL

@ygalblum
Copy link
Contributor Author

@engelmi thanks for reviewing. I'm leaving it as not-mergeable to wait for @rhatdan's input

mwperina
mwperina reviewed Apr 17, 2023
View reviewed changes
hirte.spec.in
@@ -103,6 +103,8 @@ Requires: selinux-policy >= %{_selinux_policy_version}

Requires(post): policycoreutils

%global selinuxtype targeted
Copy link
Member

@mwperina mwperina Apr 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I somehow missed that :-( even though it's mentioned in selinux packaging guidelines:

https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft#Building_the_Policy_Modules

So is targeted enough or do we need to add also mls to the list?

Also as this is global option, could you please move it to the beginning of the spec file?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So is targeted enough or do we need to add also mls to the list?

That's why I wanted to get input from @rhatdan

Also as this is global option, could you please move it to the beginning of the spec file?

Don't you think it's more readable when it's defined next to the sub-package it belongs to?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's leave it as targeted. We don't plan on supporting any other form of SELinux policy especially not MLS.

@rhatdan
Copy link
Contributor

rhatdan commented Apr 17, 2023

LGTM

@rhatdan rhatdan merged commit 50b8244 into eclipse-bluechi:main Apr 17, 2023
@ygalblum ygalblum deleted the rpm-selinux-set-type branch April 17, 2023 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mwperina mwperina mwperina left review comments

@engelmi engelmi engelmi approved these changes

@alexlarsson alexlarsson Awaiting requested review from alexlarsson alexlarsson is a code owner

@mkemel mkemel Awaiting requested review from mkemel mkemel is a code owner

@rhatdan rhatdan Awaiting requested review from rhatdan rhatdan is a code owner

@sdunnagan sdunnagan Awaiting requested review from sdunnagan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ygalblum @rhatdan @mwperina @engelmi