Process for creating Fedora selinux-policy packages

Richard Fearn fedora at richardfearn.co.uk
Tue Jan 2 23:50:55 UTC 2007


Hello,

Due to an SELinux bug I reported in August, I've been tyring to 
understand the selinux-policy packages to see how they're built. I 
understand the principle of taking the upstream refpolicy, modifying it 
and building the Fedora-specific packages. However, I'm struggling to 
see where the refpolicy is coming from.

For example, as I write this, the latest FC6 selinux-policy package 
pushed to the repositories is 2.4.6-1. According to the "sources" file 
in CVS, this package is built using serefpolicy-2.4.6.tgz. If I get 
serefpolicy-2.4.6.tgz from the lookaside repository then the VERSION 
file in it says 20061018. However, the contents of serefpolicy-2.4.6.tgz 
differ a great deal from the "official" 20061018 version of the 
reference policy from Tresys.

I could understand it if the Fedora selinux-policy packages were 
directly based on the 20061018 version of the refpolicy from Tresys, but 
there seems to be an intermediate stage of development that produces the 
serefpolicy-2.x.x.tgz files in the lookaside repository.

My question is: is there a CVS repository somewhere for a "Fedora 
reference policy", that is used to build all these serefpolicy files?

Thanks

Richard Fearn




More information about the fedora-selinux-list mailing list