[ovs-dev] [PATCH v3 0/3] updated selinux policy for Open vSwitch
Aaron Conole
aconole at redhat.com
Fri Sep 1 17:20:03 UTC 2017
Ansis Atteka <ansisatteka at gmail.com> writes:
> On 31 August 2017 at 16:22, Aaron Conole <aconole at redhat.com> wrote:
>> This series brings about a policy update to openvswitch allowing it to
>> run on a RHEL / Fedora system, even as a non-root user, with selinux set
>> to Enforcing.
>>
>> The first two patches make some changes to the way the selinux policy is
>> built to have a macro-like effect, allowing the dpdk policy to be enabled
>> or disabled based on the build. This is chosen instead of using an selinux
>> boolean, because it is more transparent to the end user.
>>
>> All of this work was tested by passing traffic, including via a dpdk bridge.
>>
>> I'm hoping that this can be backported to the 2.8 branch (since it would be
>> needed to make Fedora 2.8 make sense), but if not, we can always do the manual
>> backport.
>>
> I already pushed your patches to master branch. However, before
> back-porting them to 2.8 I think more testing is required. For
> example:

Agreed. I addressed your concerns, and also found a really
embarrassingly stupid mistake.

I plan on continuing to test it anyway. I'll be making some beer this
weekend so I should have some spare cycles to kick stuff off.

Thanks for all your help, Ansis!

-Aaron