containers / udica

This repository contains a tool for generating SELinux security profiles for containers
GNU General Public License v3.0
478 stars 47 forks

Create a library containing the template policy #129

Closed quentin9696 closed 10 months ago

quentin9696 commented 1 year ago

Is your feature request related to a problem? Please describe.
I use the udica tool to create fine-grained SELinux policies. While this tool is a good development tool, it's really heavy to install all the packages and their dependencies in production, which is useless. In a production context, I only need the content of /usr/share/udica/templates/. If we have a package with only those templates, it's easy to install this lib and install our modules.

Describe the solution you'd like
Separate the templates from the udica package, to be more production friendly and avoid installing all the dependencies (including python). It's basically a lib that can be used alone, without udica.

Describe alternatives you've considered
Manage these templates by myself, but it requires maintenance every time the templates are modified.

Additional context
I run my containers in Fedora CoreOS, and having fine-grained SELinux policies increases my OS security a lot.

vmojzis commented 10 months ago

This is why the templates are no longer part of udica package and are provided as part of container-selinux instead. Does this suit your needs?

quentin9696 commented 10 months ago

That's exactly what I was looking for. I don't know why I didn't figure it out before. Thank you for the reply