Fabian, On Sat, May 21, 2016 at 10:05 PM, Fabian Arrotin <arrfab at centos.org> wrote: > On 21/05/16 09:57, (GalaxyMaster) wrote: > I guess we can rebuild the kernel by changing the initial patch then. Yes, this is exactly what I did to confirm that SELinux is indeed usable. > I also had a quick look at the rpi kernel source tree and it seems they > rebased to 4.4.x so wondering if that's not a good time to also bump to > that release. Yes, they made the rpi-4.4.y branch to be their main branch. I also compared the difference between rpi and kernel.org branches and the effort required to backport this to the current CentOS7 upstream kernel. Although it is not huge (around 10MB of patches) it would require a week of my time to do so and I don't have a week right now. So I guess I'm fine with using rpi-* as upstream for now. Additionally, I looked at the spec file for the kernel we are building and it's a bit dirty (e.g. it does some post-install tweaking and creates files which are not tracked by the package management). I am going to create a kernel package with the latest kernel from rpi-4.4.y with a cleaner spec file. Will share a link to my GitHub repository once it's done. > To answer your question about el7 default : it doesn't support armhfp by > default (as there is no upstream EL7 kernel for this) , and even el7 > aarch64 deviates from the 3.10.0 kernel. I am fully aware of how RedHat maintains their stable kernel trees and of their backport strategy. What I meant was that if we want to be as close as possible to CentOS7 we should have taken the upstream package from EL7 and applied the armhfp support on top of it. Anyway, as I mentioned above, it's a full week work and I don't have enough time to do it right now. > That's also the reason why we call the armhfp release "CentOS 7 > userland", because kernel differs from the CentOS 7 x86_64 (see > https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32#head-447eb2193fd92db5a65be9cae5a6f95c3546605b) Thanks for the link (once we rebuild Pi3 kernel with the adjusted value we could update SELinux status on that page). -- (GM)