From: "Paweł Hajdan, Jr."
Date: Mon, 05 Dec 2011 08:54:13 +0100
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] We need *you* for a USE="selinux" dependency
Message-ID: <4EDC78A5.1040404@gentoo.org>
In-Reply-To: <20111204203550.GA20891@gentoo.org>

On 12/4/11 9:35 PM, Sven Vermeulen
wrote:
> Within the Gentoo Hardened project, we are working on getting the SELinux
> support into shape. Recent evolutions are the stabilization of latest upstream
> userspace utilities and policies as well as documentation improvements and even
> some "human resource improvements" (read: fresh blood in our ranks).

This is excellent progress! Kudos for working on this.

> In Gentoo, unlike some other distributions, we try to keep the number of
> loaded/installed modules to a minimum so that policy rebuilds as well as the
> system overhead is limited. This results in a "base" policy (provided by
> selinux-base-policy) and modules (provided by sec-policy/selinux-). To make
> sure that installations of a package pull in the right SELinux module, the
> proper dependencies must be defined.

Are you sure this is the right choice? It seems to me that it'd be better to
focus on making things work, and increasing the complexity of the deps
makes this harder (and increasing the number of packages you maintain too).

Unless you have _abundant_ resources to deal with that, I'd like to
discourage you from handling policies that way.

Furthermore, imagine I'm adding a new package "foo" that is covered by
the SELinux policy. Most developers don't use SELinux (hey, I suspect
most of them don't even use developer profile; bad, bad!). How do I know
whether it's sec-policy/selinux-foo that's not yet added or
sec-policy/selinux-games or something else...

If the complete policy is in one package, this should be obvious, and we
don't even need deps for that.

> Since there are quite a few packages that would need updates, I thought about
> first mailing gentoo-dev for feedback and perhaps a first chunk of work done. I
> also wouldn't mind creating bugreports for each of them, but that would still be
> best done after having mailed gentoo-dev ;-)

As said by other devs here, I also think it'd be more effective if you
just do the change yourself.
USE="selinux" doesn't affect anything else so it's safe.