Compile SELinux policy in pipelines
Overview
Currently, we compile SELinux policy locally and commit to the repository.
Proposal
Build SELinux policy in the pipelines with the package build if the type enforcement files have changed.
Rationale
- Ensure our build for SELinux policy is repeatable and that contributors can download one of our build containers and have our exact setup
- Avoid spotty issues where sometimes a new policy change gets compiled with a version of SELinux policy that is unsupported in older distributions of Linux
- Gives us the ability, in future iterations, to add more distributions of Linux to our supported list
Edited by Robert Marshall