Adjusted selinux policy to be more resilient to updates #5918

Merged: craigcomstock merged 1 commit into cfengine:master from craigcomstock:ENT-13016-selinux on Oct 29, 2025

@craigcomstock

Contributor

In rhel-10 the current policy errored out due to missing key_socket class.
Because we were specifying each class explicitly we were prone to trouble when changes happened in the kernel and selinux-policy (the package/repo which builds the .pp policy file).
Replacing all of the class elements with a single all_kernel_class_perms macro will allow us to get what we want: all of the classes available for use in our policy but in a way that will change outside of our policy.

Ticket: ENT-13016
Changelog: none
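
The failure mode described in this PR description can be checked for before a build. The following is an added example, not code from the PR or the CFEngine repository: it lists the object classes a `.te` source names explicitly in its `require` blocks and reports those the target policy does not define. The sample policy texts, the available-class set and the function names are constructed for illustration.

```python
import re

# Constructed sample: a module that requires each object class explicitly.
EXPLICIT_TE = """
module example_explicit 1.0;
require {
    type init_t;
    class file { read open getattr };
    class key_socket { read write };  # class absent from the target below
    class tcp_socket name_connect;
}
allow init_t self:file { read open getattr };
"""

# Constructed sample: the require block using the macro named in the PR.
MACRO_TE = """
require {
    type init_t;
    all_kernel_class_perms
}
"""

# Constructed stand-in for the classes the target policy defines. On a real
# SELinux host these names are the entries of /sys/fs/selinux/class.
AVAILABLE = {"file", "dir", "process", "tcp_socket"}

def require_blocks(te_text):
    """Return the body of every require { ... } block, comments stripped."""
    text = re.sub(r"#.*", "", te_text)
    blocks = []
    for m in re.finditer(r"\brequire\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        blocks.append(text[m.end():i - 1])
    return blocks

def required_classes(te_text):
    """Sorted class names that the source hard-codes in require blocks."""
    names = set()
    for block in require_blocks(te_text):
        names.update(re.findall(r"\bclass\s+([A-Za-z0-9_]+)", block))
    return sorted(names)

def missing_classes(te_text, available):
    """Explicitly required classes that the target policy does not define."""
    return [c for c in required_classes(te_text) if c not in available]

if __name__ == "__main__":
    print("explicit:", missing_classes(EXPLICIT_TE, AVAILABLE))
    print("macro:   ", missing_classes(MACRO_TE, AVAILABLE))
```

The macro form has no hard-coded class names to go stale, so the check returns an empty list for it.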

@craigcomstock

Contributor Author

I am running a build for rhel-10 on jenkins-dev RN and will report back.

@craigcomstock

Contributor Author

Here let's check other redhats: Build Status

@vpodzime vpodzime left a comment

Contributor

Lovely! ❤️

@craigcomstock craigcomstock merged commit 242b67c into cfengine:master Oct 29, 2025
18 checks passed
@craigcomstock craigcomstock deleted the ENT-13016-selinux branch October 29, 2025 15:35
@craigcomstock

Contributor Author

cherry picks: #5923 and #5922

@larsewi

larsewi commented Oct 29, 2025

Contributor

Will Changelog: none appear in the changelogs? Or did we fix that?
