[ovs-dev] [PATCH v3 0/3] updated selinux policy for Open vSwitch

Ansis Atteka ansisatteka at gmail.com
Fri Sep 1 02:13:57 UTC 2017


On 31 August 2017 at 16:22, Aaron Conole <aconole at redhat.com> wrote:
> This series brings about a policy update to openvswitch allowing it to
> run on a RHEL / Fedora system, even as a non-root user, with selinux set
> to Enforcing.
>
> The first two patches make some changes to the way the selinux policy is
> built to have a macro-like effect, allowing the dpdk policy to be enabled
> or disabled based on the build.  This is chosen instead of using an selinux
> boolean, because it is more transparent to the end user.
>
> All of this work was tested by passing traffic, including via a dpdk bridge.
>
> I'm hoping that this can be backported to the 2.8 branch (since it would be
> needed to make fedora 2.8 make sense), but if not, we can always do the manual
> backport
>
I already pushed your patches to master branch. However, before
back-porting them to 2.8 I think more testing is required. For
example:

1. The documentation should reflect the renaming to openvswitch.te.in

# git grep "openvswitch\.te"
Documentation/howto/selinux.rst:``selinux/openvswitch.te`` file in the OVS source tree and try to add white


2. I think your patch breaks the rpm packages built with rpmbuild -bb
--without check rhel/openvswitch.spec

I know that there are users out there using this rhel/openvswitch.spec
as opposed to rhel/openvswitch-fedora.spec on RHEL and CentOS.

