SELinux Reference Policy
- Interface Reference
Projects hosted on oss.tresys.com
- CDS Framework IDE
- Certifiable Linux Integration Platform (CLIP)
- Policy Management Server
- Reference Policy
- SELinux Policy IDE (SLIDE)
- SETools Policy Analysis Suite
- The SELinux Project
Projects hosted on other sites
- SELinux Userspace
Other projects we help with in the security community
- SELinux Project
- SELinux Policy Server
If you are interested in working on Reference Policy, feel free to contact the developers on the Reference Policy mailing list. All public development related discussion happens on this mailing list. The IRC channel, #selinux on irc.freenode.net, is also appropriate for development discussions.
Commit notification emails can be received on the Reference Policy commits mailing list.
When submitting patches, there are a few things to keep in mind:
- Submit patches to the Reference Policy mailing list.
- Do not increase the version numbers in the policy_module() lines. These may be different by the time your patch is merged, and this will cause headaches for merging the patch. The policy version will be increased when the patch is committed to the Reference Policy master branch.
- It is strongly preferred (but not required) that patches be created by "git format-patch -n -s" and sent via "git send-email". This will ensure the patch can be directly imported into the repository, if accepted. Please ensure that the name and email address are correct on your patches before committing to your local repo.
- It is a common convention to prefix your subject line with [PATCH]. This lets people easily distinguish patches from other e-mail discussions. Use of additional markers after PATCH and the closing bracket to mark the nature of the patch is also encouraged. E.g. [PATCH/RFC] is often used when the patch is not ready to be applied but it is for discussion, [PATCH v2], [PATCH v3] etc. are often seen when you are sending an update to what you have previously sent.
How To Create A Patch Set
- A patch should make one logical change. Don't make multiple, disjoint changes to different modules in a single patch.
- A given patch should not break anything, even if later patches fix the problems that it causes. The tree should still compile after each patch is applied. (This makes "git bisect" work correctly.)
- Patches should be relative to HEAD of the git master branch.
- Make patches relative to the top of the policy source tree (the directory where the Makefile and build.conf are). This is automatically done when using git format-patch.
- A summary email that describes the set should also be sent for patch sets that consist of many patches. Typically this is patch 0, e.g. [PATCH 0/4]
- A link to a git repo from which the set can be pulled is preferred if the patch set is very large.
- Do not include contrib commits in the main repository. This will prevent your patch from applying. These commits look like this:
diff --git a/policy/modules/contrib b/policy/modules/contrib index df9652e..6c192c7 160000 --- a/policy/modules/contrib +++ b/policy/modules/contrib @@ -1 +1 @@ -Subproject commit df9652e0b0c3e2a7649d16aafd974621e702a222 +Subproject commit 6c192c747802a866038f470f8f60d5d664507a4f