From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 30: | Line 30: | ||
{{admon/note|TODO|The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.}} | {{admon/note|TODO|The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.}} | ||
TODO | === SELinux Policy Packages === | ||
{{admon/note|TODO|This subsection should provide a very brief introduction to SELinux policy packaging on Fedora and refer readers to the [[SELinux/IndependentPolicy]] page.}} | |||
=== SELinux Policy Priorities === | === SELinux Policy Priorities === | ||
| Line 38: | Line 40: | ||
Q - what priority do we expect policy developers/packagers to use here? | Q - what priority do we expect policy developers/packagers to use here? | ||
Q - is there anything else specific to SELinux Policy packaging in Fedora Modularity that we should mention? | |||
Q - | |||
=== Example SELinux Policy RPM specfile === | === Example SELinux Policy RPM specfile === | ||
Revision as of 02:20, 9 August 2018
Work in progress
This page is a work in progress, see the inline TODO notes. We suggest visiting SELinuxModularity for more information.
This page is a work in progress, see the inline TODO notes. We suggest visiting SELinuxModularity for more information.
Configuring the Development Environment
TODO
The goal of this section is to help people setup their system to build SELinux policy and Fedora Modules. Any temporary hacks that are required should be called out in admon/important notes.
The goal of this section is to help people setup their system to build SELinux policy and Fedora Modules. Any temporary hacks that are required should be called out in admon/important notes.
Building RPMs and Fedora Modules
TODO
This subsection should cover the general installation and setup of the tools and packages necessary to build both RPMs and Fedora Modules.
This subsection should cover the general installation and setup of the tools and packages necessary to build both RPMs and Fedora Modules.
TODO - discussion/explanation
# dnf install module-build-service
Building SELinux Policy
TODO
This subsection should cover the general installation and setup of the tools and packages necessary to build SELinux policy.
This subsection should cover the general installation and setup of the tools and packages necessary to build SELinux policy.
TODO - discussion/explanation
# dnf install selinux-policy-devel rpm-build
Packaging SELinux Policy
TODO
The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.
The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.
SELinux Policy Packages
TODO
This subsection should provide a very brief introduction to SELinux policy packaging on Fedora and refer readers to the SELinux/IndependentPolicy page.
This subsection should provide a very brief introduction to SELinux policy packaging on Fedora and refer readers to the SELinux/IndependentPolicy page.
SELinux Policy Priorities
TODO
This subsection should cover the prioritized policy store, explaining the different levels used in Fedora.
This subsection should cover the prioritized policy store, explaining the different levels used in Fedora.
Q - what priority do we expect policy developers/packagers to use here?
Q - is there anything else specific to SELinux Policy packaging in Fedora Modularity that we should mention?
Example SELinux Policy RPM specfile
TODO
This subsection should provide an example SELinux policy module specfile with comments and annotations.
This subsection should provide an example SELinux policy module specfile with comments and annotations.
TODO - we can use the memcached policy specfile here
Bundling SELinux Policy RPMs in Fedora Modules
TODO
The goal of this section is to help users understand how to include SELinux policy inside of Fedora Modules, the lessons learned from the memcached prototype should be very helpful here.
The goal of this section is to help users understand how to include SELinux policy inside of Fedora Modules, the lessons learned from the memcached prototype should be very helpful here.
TODO - discussion/explanation
Adding the SELinux Policy to the Module Install Profiles
TODO
This subsection should document the how the included SELinux policy should be handled by the various module installation profiles, paying special attention to the "normal" (install the policy) and "container" (DO NOT install the policy) use cases. If any special dnf configuration is needed it should be described here as well.
This subsection should document the how the included SELinux policy should be handled by the various module installation profiles, paying special attention to the "normal" (install the policy) and "container" (DO NOT install the policy) use cases. If any special dnf configuration is needed it should be described here as well.
TODO - see what we did for the memcached prototype, especially the notes about adding the policy RPM to the profiles TODO - verify that the final decision was to add the policy packages to the default profile