On 31 August 2017 at 16:22, Aaron Conole <[email protected]> wrote: > This series brings about a policy update to openvswitch allowing it to > run on a RHEL / Fedora system, even as a non-root user, with selinux set > to Enforcing. > > The first two patches make some changes to the way the selinux policy is > built to have a macro-like effect, allowing the dpdk policy to be enabled > or disabled based on the build. This is chosen instead of using an selinux > boolean, because it is more transparent to the end user. > > All of this work was tested by passing traffic, including via a dpdk bridge. > > I'm hoping that this can be backported to the 2.8 branch (since it would be > needed to make fedora 2.8 make sense), but if not, we can always do the manual > backport > I already pushed your patches to master branch. However, before back-porting them to 2.8 I think more testing is required. For example:
1. The documentation should reflect the renaming to openvswitch.te.in # git grep "openvswitch\.te" Documentation/howto/selinux.rst:``selinux/openvswitch.te`` file in the OVS source tree and try to add white 2. I think your patch breaks the rpm packages built with rpmbuild -bb --without check rhel/openvswitch.spec I know that there are users out there using this rhel/openvswitch.spec opposed to rhel/openvswitch-fedora.spec on RHEL and CentOS. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
