On Wed, 16 Aug 2017 16:04:49 -0400 Aaron Conole <acon...@redhat.com> wrote:
> This series brings about a policy update to openvswitch allowing it to > run on a RHEL / Fedora system, even as a non-root user, with selinux set > to Enforcing. > > The first two patches make some changes to the way the selinux policy is > built to have a macro-like effect, allowing the dpdk policy to be enabled > or disabled based on the build. This is chosen instead of using an selinux > boolean, because it is more transparent to the end user. > > All of this work was tested by passing traffic, including via a dpdk bridge. > > Aaron Conole (3): > rhel: make the selinux policy intermediate > makefile: hook up dpdkstrip preprocessor > selinux: update policy to reflect non-root and dpdk support > > Makefile.am | 4 ++++ > rhel/openvswitch-fedora.spec.in | 1 + > selinux/automake.mk | 2 +- > selinux/openvswitch-custom.te | 16 ------------- > selinux/openvswitch-custom.te.in | 52 > ++++++++++++++++++++++++++++++++++++++++ > 5 files changed, 58 insertions(+), 17 deletions(-) > delete mode 100644 selinux/openvswitch-custom.te > create mode 100644 selinux/openvswitch-custom.te.in > Looks good to me. Acked-by: Flavio Leitner <f...@sysclose.org> _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
