Flavio Leitner <[email protected]> writes:

> On Wed, 16 Aug 2017 16:04:49 -0400
> Aaron Conole <[email protected]> wrote:
>
>> This series brings about a policy update to openvswitch allowing it to
>> run on a RHEL / Fedora system, even as a non-root user, with selinux set
>> to Enforcing.
>>
>> The first two patches make some changes to the way the selinux policy is
>> built to have a macro-like effect, allowing the dpdk policy to be enabled
>> or disabled based on the build. This is chosen instead of using an selinux
>> boolean, because it is more transparent to the end user.
>>
>> All of this work was tested by passing traffic, including via a dpdk bridge.
>>
>> Aaron Conole (3):
>>   rhel: make the selinux policy intermediate
>>   makefile: hook up dpdkstrip preprocessor
>>   selinux: update policy to reflect non-root and dpdk support
>>
>>  Makefile.am                      |  4 ++++
>>  rhel/openvswitch-fedora.spec.in  |  1 +
>>  selinux/automake.mk              |  2 +-
>>  selinux/openvswitch-custom.te    | 16 -------------
>>  selinux/openvswitch-custom.te.in | 52 ++++++++++++++++++++++++++++++++++++++++
>>  5 files changed, 58 insertions(+), 17 deletions(-)
>>  delete mode 100644 selinux/openvswitch-custom.te
>>  create mode 100644 selinux/openvswitch-custom.te.in
>>
>
> Looks good to me.
> Acked-by: Flavio Leitner <[email protected]>

Looks like I missed some tun_socket permissions. I'm going to update,
and when I do I'll keep your ack. Once Jean's test suite is finished
I'll incorporate and push out a v2.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
