[ovs-dev] [PATCH 0/3] updated selinux policy for Open vSwitch
Aaron Conole
aconole at redhat.com
Wed Aug 16 20:04:49 UTC 2017
This series brings about a policy update to openvswitch allowing it to
run on a RHEL / Fedora system, even as a non-root user, with selinux set
to Enforcing.
The first two patches make some changes to the way the selinux policy is
built to have a macro-like effect, allowing the dpdk policy to be enabled
or disabled based on the build. This is chosen instead of using an selinux
boolean, because it is more transparent to the end user.
All of this work was tested by passing traffic, including via a dpdk bridge.
Aaron Conole (3):
rhel: make the selinux policy intermediate
makefile: hook up dpdkstrip preprocessor
selinux: update policy to reflect non-root and dpdk support
Makefile.am | 4 ++++
rhel/openvswitch-fedora.spec.in | 1 +
selinux/automake.mk | 2 +-
selinux/openvswitch-custom.te | 16 -------------
selinux/openvswitch-custom.te.in | 52 ++++++++++++++++++++++++++++++++++++++++
5 files changed, 58 insertions(+), 17 deletions(-)
delete mode 100644 selinux/openvswitch-custom.te
create mode 100644 selinux/openvswitch-custom.te.in
--
2.9.4
More information about the dev
mailing list