[ovs-dev] [PATCH v3 0/3] updated selinux policy for Open vSwitch

Ansis Atteka ansisatteka at gmail.com
Fri Sep 1 19:50:01 UTC 2017


On 1 September 2017 at 10:20, Aaron Conole <aconole at redhat.com> wrote:
> Ansis Atteka <ansisatteka at gmail.com> writes:
>
>> On 31 August 2017 at 16:22, Aaron Conole <aconole at redhat.com> wrote:
>>> This series brings about a policy update to openvswitch allowing it to
>>> run on a RHEL / Fedora system, even as a non-root user, with selinux set
>>> to Enforcing.
>>>
>>> The first two patches make some changes to the way the selinux policy is
>>> built to have a macro-like effect, allowing the dpdk policy to be enabled
>>> or disabled based on the build.  This is chosen instead of using an selinux
>>> boolean, because it is more transparent to the end user.
>>>
>>> All of this work was tested by passing traffic, including via a dpdk bridge.
>>>
>>> I'm hoping that this can be backported to the 2.8 branch (since it would be
>>> needed to make fedora 2.8 make sense), but if not, we can always do the manual
>>> backport.
>>>
>> I already pushed your patches to master branch. However, before
>> back-porting them to 2.8 I think more testing is required. For
>> example:
>
> Agreed.  I addressed your concerns, and also found a really
> embarrassingly stupid mistake.
>
> I plan on continuing to test it anyway.  I'll be making some beer this
> weekend so I should have some spare cycles to kick stuff off.
>
> Thanks for all your help, Ansis!
>

Thanks for jumping in quickly and addressing all the remaining issues.
The second series looks good to me. I will back-port all 6 patches to
branch-2.8 now. Thank you!

