From Fedora Project Wiki

(Created page with "This page is a work in progress, please see SELinuxModularity for more information.")
 
(Initial outline)
Line 1: Line 1:
This page is a work in progress, please see [[SELinuxModularity]] for more information.
+
 
 +
{{admon/important|Work in progress|This page is a work in progress, see the inline TODO notes.  We suggest visiting [[SELinuxModularity]] for more information.}}
 +
 
 +
== Configuring the Development Environment ==
 +
 
 +
{{admon/note|TODO|The goal of this section is to help people setup their system to build SELinux policy and Fedora Modules.  Any temporary hacks that are required should be called out in admon/important notes.}}
 +
 
 +
=== Building RPMs and Fedora Modules ===
 +
 
 +
{{admon/note|TODO|This subsection should cover the general installation and setup of the tools and packages necessary to build both RPMs and Fedora Modules.}}
 +
 
 +
=== Building SELinux Policy ===
 +
 
 +
{{admon/note|TODO|This subsection should cover the general installation and setup of the tools and packages necessary to build SELinux policy.}}
 +
 
 +
== Packaging SELinux Policy ==
 +
 
 +
{{admon/note|TODO|The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.}}
 +
 
 +
=== SELinux Policy Priorities ===
 +
 
 +
{{admon/note|TODO|This subsection should cover the prioritized policy store, explaining the different levels used in Fedora.}}
 +
 
 +
=== SELinux Base Policies ===
 +
 
 +
{{admon/note|TODO|This subsection should cover the different SELinux base policies, e.g. targeted vs MLS, and explain how to handle this in the specfiles.}}
 +
 
 +
=== Example SELinux Policy RPM specfile ===
 +
 
 +
{{admon/note|TODO|This subsection should provide an example SELinux policy module specfile with comments and annotations.}}
 +
 
 +
== Bundling SELinux Policy RPMs in Fedora Modules ==
 +
 
 +
{{admon/note|TODO|The goal of this section is to help users understand how to include SELinux policy inside of Fedora Modules, the lessons learned from the memcached prototype should be very helpful here.}}
 +
 
 +
=== Adding the SELinux Policy to the Package List ===
 +
 
 +
{{admon/note|TODO|This subsection should document the recommended way to include the SELinux policy RPMs in Fedora Modules.}}
 +
 
 +
=== Module Install Profiles ===
 +
 
 +
{{admon/note|TODO|This subsection should document the how the included SELinux policy should be handled by the various module installation profiles, paying special attention to the "normal" (install the policy) and "container" (DO NOT install the policy) use cases.  If any special dnf configuration is needed it should be described here as well.}}

Revision as of 12:13, 21 September 2017

Important.png
Work in progress
This page is a work in progress, see the inline TODO notes. We suggest visiting SELinuxModularity for more information.

Configuring the Development Environment

Note.png
TODO
The goal of this section is to help people setup their system to build SELinux policy and Fedora Modules. Any temporary hacks that are required should be called out in admon/important notes.

Building RPMs and Fedora Modules

Note.png
TODO
This subsection should cover the general installation and setup of the tools and packages necessary to build both RPMs and Fedora Modules.

Building SELinux Policy

Note.png
TODO
This subsection should cover the general installation and setup of the tools and packages necessary to build SELinux policy.

Packaging SELinux Policy

Note.png
TODO
The goal of this section is to help people understand how to package individual SELinux policy modules into a RPM; we should work closely with the Independent Policy Project (IPP), perhaps simply linking to IPP wiki docs if/when they exist.

SELinux Policy Priorities

Note.png
TODO
This subsection should cover the prioritized policy store, explaining the different levels used in Fedora.

SELinux Base Policies

Note.png
TODO
This subsection should cover the different SELinux base policies, e.g. targeted vs MLS, and explain how to handle this in the specfiles.

Example SELinux Policy RPM specfile

Note.png
TODO
This subsection should provide an example SELinux policy module specfile with comments and annotations.

Bundling SELinux Policy RPMs in Fedora Modules

Note.png
TODO
The goal of this section is to help users understand how to include SELinux policy inside of Fedora Modules, the lessons learned from the memcached prototype should be very helpful here.

Adding the SELinux Policy to the Package List

Note.png
TODO
This subsection should document the recommended way to include the SELinux policy RPMs in Fedora Modules.

Module Install Profiles

Note.png
TODO
This subsection should document the how the included SELinux policy should be handled by the various module installation profiles, paying special attention to the "normal" (install the policy) and "container" (DO NOT install the policy) use cases. If any special dnf configuration is needed it should be described here as well.