projects
Fedora change - SELinux policy store migration
https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
SELinux userspace update
prepare builds
https://copr.fedoraproject.org/coprs/plautrba/selinux
secilc package
migrate script
- find non-distribution modules
- migrate them to the new store using semodule -i
- rebuild and reload policy
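A dry run of the three steps above, added here as an example (not the project's migrate script). It assumes old-store modules are `.pp` files in a single directory and that the distribution's module names are available one per line in a list file; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example: dry-run planner for the three migrate-script steps.
# Assumptions (not from the page): old-store modules are *.pp files in one
# directory, and the distribution's module names are listed one per line.

# Step 1: print the names of modules in the old store that the distribution
# package does not ship, i.e. locally installed modules.
non_dist_modules() {
    old_dir=$1; dist_list=$2
    for pp in "$old_dir"/*.pp; do
        [ -e "$pp" ] || continue          # empty store: glob did not match
        name=$(basename "$pp" .pp)
        # -x whole line, -F fixed string: "abrt" must not hide "abrt_extra"
        grep -qxF -- "$name" "$dist_list" || printf '%s\n' "$name"
    done
}

# Steps 2 and 3: emit the commands instead of running them, so the plan can
# be reviewed before anything touches the policy store.
migration_plan() {
    old_dir=$1; dist_list=$2
    mods=$(non_dist_modules "$old_dir" "$dist_list")
    [ -n "$mods" ] || { echo "# nothing to migrate"; return 0; }
    printf '%s\n' "$mods" | while IFS= read -r m; do
        printf 'semodule -i %s/%s.pp\n' "$old_dir" "$m"
    done
    echo "semodule -B"                    # rebuild and reload policy
}

# Constructed sample data: two distribution modules and one local module.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/abrt.pp"; : > "$d/apache.pp"; : > "$d/mylocal.pp"
    printf 'abrt\napache\n' > "$d/dist.list"
    migration_plan "$d" "$d/dist.list" | sed "s|$d|OLD_STORE|"
    rm -rf "$d"
}
demo
```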
tests
use virtual host
set up a virtual host, e.g. Fedora Cloud, according to http://www.projectatomic.io/docs/quickstart/ chapter "Logging In To Your Atomic Machine"
for a static network configuration you can use
$ cat meta-data
instance-id: id-fedora-cloud
local-hostname: fedora-cloud
network-interfaces: |
  iface eth0 inet static
  address 192.168.122.41
  network 192.168.122.0
  netmask 255.255.255.0
  broadcast 192.168.122.255
  gateway 192.168.122.1
- download https://plautrba.fedorapeople.org/selinux/tests-covering-SELinuxPolicyStoreMigration-change/
make run
simple update test
- disable random module, set random variable, make random login change
- check set of modules, booleans, users, ... in distribution package
- update selinux-policy-targeted package
- check if userspace packages are updated
- check if SELinux state is same as before update
- same but update userspace and check if selinux-policy is updated
update test with local modification
- create and install a module
- steps 2-5 of the simple update test above
install and update from selinux=0
- set SELinux disabled
- install/update packages
- try reboot and do sanity checks
export and import modifications
- semanage export -f semanage.mods
- update
- check if modifications persist
- try import modifications
selinux-policy packages with migrated store
tests
CIL rewrite
SELinux integration
abrt
anaconda
cockpit
desktops