On 04/28/2011 06:10 PM, Mr Dash Four wrote:
>> But can you enclose your modules please? Then i will review them and
>> then we can see what the best way to go forward may be.
>>
> Thanks Dominick, I'll do that when I get home later tonight!
Could you add me to CC. I would like to see these policies too. Thanks.
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

I have written quite a few policy modules for packages/application
which, as far as I know, are not yet covered by the main Fedora SE
policy (targeted). In fact, on all my machines the SE policies employed
there reached 100% coverage about 2 months ago and I am quite content
they are doing a pretty good job.

These policy have been gradually tweaked during the last few months and
I consider them reasonably stable (they have been in use for the past
5-6 months or so without major problems). So, to contribute to the
'common good' - is there a formal process for submission of new policy
modules for review (and possible inclusion into the main stream
-targeted policy with Fedora) or do I just go and do that through bugzilla?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/28/2011 05:38 PM, Mr Dash Four wrote:

> is there a formal process for submission of new policy
> modules for review (and possible inclusion into the main stream
> -targeted policy with Fedora) or do I just go and do that through bugzilla?

I can review your patches if you enclose them.

Once reviewed we can ask the fedora maintainers to merge them. If i am
confident (e.g. the policy modules are pretty trivial) then i could push
them into the fedora git repository myself. Else we could either file a
bugzilla or just ask.

We could also try and get them straight into upstream. That way the
policy will find its way into Fedora policy automatically. Refpolicy
(upstream) has a more official way/channel to contribute, and also has
some information about the process of submission:

http://oss.tresys.com/projects/refpolicy/wiki/HowToContribute

The benefit of going the upstream route is that we do not have to bother
the Fedora maintainers. Downside is that inclusion may take longer.

Upside is that when the policy gets approved by upstream we can be
pretty sure that it will be adopted by Fedora. The other way around is
harder because refpolicy has some more/different requirements.

But can you enclose your modules please? Then i will review them and
then we can see what the best way to go forward may be.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk25jPcACgkQMlxVo39jgT9e2QCfX9NCVvq7mt YoqoM2IC3uaTEy
/DQAoMk59eyxhZHCIRHDEstBtauItDXQ
=sIA/
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

> But can you enclose your modules please? Then i will review them and
> then we can see what the best way to go forward may be.
>
Thanks Dominick, I'll do that when I get home later tonight!

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux