in the recent weeks, we have encountered higher amount of regressions in our SELinux policies, particularly due to switch from Passenger to Puma which happened little bit too late in the sprint to my taste, but there were also other bugs (e.g. Bootdisk EFI changes).
Do keep in mind there’s SELinux, everytime we add a directory, file or change path or port, we need to modify the rules. Ideally, try to do it your own - it is actually pretty easy. Our policy lives in:
Few components have their own ones (Katello, Pulp, Candlepin):
To make it easier to get into it, I have re-recorded a talk from 2015 (DevConf Brno) today, I initially aimed to make a shorter presentation but it ended up - wait for it - to be 15 minutes longer (almost an hour). At least video quality is better:
The original recording from the conference is here:
I also gave the same talk in 2018 (Czech language):