This repository has been archived by the owner on Nov 18, 2022. It is now read-only.

ENH,SEC: Enable selinux #5

Closed
westurner opened this issue Sep 13, 2020 · 8 comments · Fixed by #18
Comments

@westurner
Contributor

It shouldn't be too difficult to get selinux=enforcing working.

"Inlined copy of /root/modules/*.te" in smithmcgriff/Fedora-on-pinebookpro#5 (comment) works but probably shouldn't be necessary.

@bengtfredh
Owner

By now I use Manjaro kernel and SELINUX is not configured, they use apparmor. This is why I set selinux=disabled. I have no success with Fedora kernel. Have you tried Fedora kernel and been able to boot? I have tried to patch Fedora kernel, but still no success.

@westurner
Contributor Author

So, this has neither AppArmor nor SELinux?

@westurner
Contributor Author

It may be easier to merge the Fedora kernel config (from /boot but not /proc) for SELinux with and rebuild the manjaro kernel than to apply the Pinebook patch set to a Fedora [vanilla?] kernel?

@bengtfredh
Owner

bengtfredh commented Oct 16, 2020

I am working with next release of the script and created a copr repo with extra packages to replace the overlay, and the Manjaro part of the script.
https://github.com/bengtfredh/pinebook-pro-copr.git
https://copr.fedorainfracloud.org/coprs/aptupdate/pinebook-pro/packages/
By now I have created an rpm with the prebuilt Manjaro kernel. I have been trying to patch Fedora kernel with the patches for Pinebook Pro with no success.
Manjaro kernel has AppArmor enabled, but I think it will be hard to create/set functional policies on Fedora.
The better option is probably to enable SELINUX and build kernel from vanilla.
Good idea to try to build vanilla with patches and Fedora config, I will try that one.
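
Added example, not part of the thread or of either project: a small script for the config comparison discussed above, listing the SELinux-related options a reference kernel config sets that a target config lacks. Both configs are constructed samples, and the function names `selinux_gaps` and `selinux_usable` are hypothetical.

```shell
#!/bin/sh
# Added example: compare SELinux-related options of two kernel configs.
# Both config files written below are constructed samples, not real configs.
LSM_RE='^CONFIG_(SECURITY|SECURITY_NETWORK|AUDIT|LSM|DEFAULT_SECURITY_SELINUX|SECURITY_SELINUX[A-Z_]*)='

# usage: selinux_gaps REFERENCE TARGET
# Prints REFERENCE lines matching LSM_RE that are absent or different in TARGET.
selinux_gaps() {
    awk -v re="$LSM_RE" '
        FNR == NR { if ($0 ~ re) have[$0] = 1; next }   # first file: TARGET
        $0 ~ re && !($0 in have)                        # second file: REFERENCE
    ' "$2" "$1"
}

# Succeeds only if SELinux is built in and named in the default CONFIG_LSM
# list, i.e. it initializes without extra boot parameters.
selinux_usable() {
    grep -qx 'CONFIG_SECURITY_SELINUX=y' "$1" &&
        grep -qE '^CONFIG_LSM=.*[",]selinux[",]' "$1"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
REF="$WORK/ref.config"        # constructed, SELinux-style config
TARGET="$WORK/target.config"  # constructed, AppArmor-style config
cat > "$REF" <<'EOF'
CONFIG_AUDIT=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
EOF
cat > "$TARGET" <<'EOF'
CONFIG_AUDIT=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="lockdown,yama,apparmor"
EOF
echo "Options to carry over from the reference config:"
selinux_gaps "$REF" "$TARGET"
for f in "$REF" "$TARGET"; do
    if selinux_usable "$f"; then echo "$f: SELinux usable"; else echo "$f: SELinux not usable"; fi
done
```

The lines printed by `selinux_gaps` are already in config-fragment form, so they can be saved to a file and applied to a base config with the kernel tree's `scripts/kconfig/merge_config.sh`.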

@westurner
Contributor Author

Just getting a chance to look at the source here but haven't a pbp in hand.
The kernel-pbp spec looks refreshingly easy to maintain:
https://github.com/bengtfredh/pinebook-pro-copr/blob/master/kernel-pbp/kernel-pbp.spec

https://github.com/nikhiljha/pp-fedora-sdsetup/blob/master/phone-scripts/02-install-packages.sh#L38-L44 has:

```bash
infecho "Making COPR higher priority for kernel updates..."
echo "priority=10" >> /etc/yum.repos.d/_copr\:copr.fedorainfracloud.org\:njha\:mobile.repo
```

Here are some packagesets for Gnome, KDE, Xfce, etc. on top of a minimal fedora install:
https://github.com/89luca89/ansible-fedora-minimal#installing-the-base-system

@bengtfredh
Owner

Thanks, and copr works very well for building kernel.

There is no need to change priority as long as package is named kernel-pbp, you get no conflict with package kernel. For me it is a point to have both installed so I can test Fedora Kernel without too much hassle.

I will have a look at the repo you posted if I proceed with my idea to start out with a Fedora-Container-Base.

@westurner
Contributor Author

@bengtfredh bengtfredh linked a pull request Nov 16, 2020 that will close this issue