From 06889f6fa4ab68132a22f26dff3cf1194702454c Mon Sep 17 00:00:00 2001 From: Amrita Date: Thu, 23 Oct 2025 16:22:58 +0530 Subject: [PATCH 1/3] dc file and profiling --- DC-SAP-SELinux | 15 +++++++++++++++ concepts/selinux-modes.xml | 8 +++----- 2 files changed, 18 insertions(+), 5 deletions(-) create mode 100644 DC-SAP-SELinux diff --git a/DC-SAP-SELinux b/DC-SAP-SELinux new file mode 100644 index 000000000..2a677ba7d --- /dev/null +++ b/DC-SAP-SELinux @@ -0,0 +1,15 @@ +# This file originates from the project https://github.com/openSUSE/doc-kit +# This file can be edited downstream. + +MAIN="SELinux.asm.xml" +# Point to the ID of the of your assembly +SRC_DIR="articles" +IMG_SRC_DIR="images" + +PROFOS="sles4sap" +PROFCONDITION="16.0" +#PROFCONDITION="suse-product;beta" +#PROFCONDITION="community-project" + +STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns" +FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse-ns" \ No newline at end of file diff --git a/concepts/selinux-modes.xml b/concepts/selinux-modes.xml index 565a01ea5..4df8eebdc 100644 --- a/concepts/selinux-modes.xml +++ b/concepts/selinux-modes.xml @@ -20,11 +20,9 @@ - &selnx; can run in enforcing or permissive mode: - @@ -42,9 +40,9 @@ -The default in &productnameshort; &productnumber; is enforcing mode. - - For information about switching between &selnx; modes, refer to +The default in &productnameshort; &productnumber; 16 is enforcing mode. + The default in &sles4sap; 16 is enabled in permissive mode. + For information about switching between &selnx; modes, refer to . From c8f0f1d004e8c1cafc7c4b00490754452f10254a Mon Sep 17 00:00:00 2001 From: Amrita Date: Thu, 23 Oct 2025 16:25:33 +0530 Subject: [PATCH 2/3] adds sap patterns --- concepts/selinux-modes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/concepts/selinux-modes.xml b/concepts/selinux-modes.xml index 4df8eebdc..76f0d0bb3 100644 --- a/concepts/selinux-modes.xml +++ b/concepts/selinux-modes.xml 
@@ -41,7 +41,7 @@ The default in &productnameshort; &productnumber; 16 is enforcing mode. - The default in &sles4sap; 16 is enabled in permissive mode. + The default in &sles4sap; 16 is enabled in permissive mode, if &sap; patterns are installed. For information about switching between &selnx; modes, refer to . From 917cd95a6106c34f852fa28fedbcba2bcaa7a165 Mon Sep 17 00:00:00 2001 From: Amrita Date: Thu, 23 Oct 2025 17:06:57 +0530 Subject: [PATCH 3/3] package --- tasks/selinux-packages.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tasks/selinux-packages.xml b/tasks/selinux-packages.xml index 34fc1ac6e..1ce8ce912 100644 --- a/tasks/selinux-packages.xml +++ b/tasks/selinux-packages.xml @@ -44,9 +44,15 @@ easier. This includes tools such as audit2allow and semanage. If the package is missing, run the following command to install it: - + &prompt.sudo;zypper install policycoreutils-python-utils + + Theselinux-policy-sapenablement package is for &selnx; policy changes for running &sap;. + Currently it sets the settings that are needed, but still sets &selnx; to permissive mode. + Users can set it to enforcing mode again to use the base policy module &suse; provides. + This package is installed by default. + &prompt.sudo;transactional-update pkg install policycoreutils-python-utils The &selnx; man pages contain comprehensive documentation on the options
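Review bot: The changed sentence in concepts/selinux-modes.xml announces a weaker default ("is enabled in permissive mode, if &sap; patterns are installed") without saying what that means for protection. It also does not say which mode applies on &sles4sap; 16 when the patterns are not installed. Permissive mode logs policy violations instead of blocking them, so I would state that at this point, for example `On &sles4sap; 16, &selnx; is enabled but runs in permissive mode by default if &sap; patterns are installed; policy violations are then logged but not blocked.` The context line above reads `&productnumber; 16`, which would print the version twice if the entity already expands to the release number; this is worth checking against the entity definition, which is not visible here.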
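Review bot: The paragraph added to tasks/selinux-packages.xml says users "can set it to enforcing mode again" but gives no way to confirm the current mode or to judge whether the switch is safe for a running &sap; workload. I would add a sentence such as `Before switching to enforcing mode, check the current mode with getenforce and review the audit log for &selnx; denials caused by the &sap; workload.` and link to the mode-switching topic that selinux-modes.xml already refers to. "Currently it sets the settings that are needed, but still sets &selnx; to permissive mode" does not say which settings are meant, and "Theselinux-policy-sapenablement" seems to be missing a space after "The" (possibly an artifact of how the patch is displayed). The paragraph also appears to sit between the zypper and the transactional-update install commands for policycoreutils-python-utils, which would split one instruction in two; the surrounding markup is not visible in the hunk, so please confirm the placement.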