Process for creating Fedora selinux-policy packages

[Daniel J Walsh]

Richard Fearn wrote:
> Hello,
>
> Due to an SELinux bug I reported in August, I've been tyring to 
> understand the selinux-policy packages to see how they're built. I 
> understand the principle of taking the upstream refpolicy, modifying 
> it and building the Fedora-specific packages. However, I'm struggling 
> to see where the refpolicy is coming from.
>
> For example, as I write this, the latest FC6 selinux-policy package 
> pushed to the repositories is 2.4.6-1. According to the "sources" file 
> in CVS, this package is built using serefpolicy-2.4.6.tgz. If I get 
> serefpolicy-2.4.6.tgz from the lookaside repository then the VERSION 
> file in it says 20061018. However, the contents of 
> serefpolicy-2.4.6.tgz differ a great deal from the "official" 20061018 
> version of the reference policy from Tresys.
>
> I could understand it if the Fedora selinux-policy packages were 
> directly based on the 20061018 version of the refpolicy from Tresys, 
> but there seems to be an intermediate stage of development that 
> produces the serefpolicy-2.x.x.tgz files in the lookaside repository.
>
> My question is: is there a CVS repository somewhere for a "Fedora 
> reference policy", that is used to build all these serefpolicy files?
>
The numbering is being done by me.  I am just taking CVS dumps off of 
tresys policy and applying patches.  When I update to the latest policy 
from Tresys.  I build my own policy tarball off of the current cvs/svn 
version and apply my patch.  Treysys at some later time releases a 
version with the date you have.  So it is difficult to match up my 
release with what tresys is releasing.
> Thanks
>
> Richard Fearn
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list