Re: base stuff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, Apr 9, 2011 at 11:56 AM, Yaro Kasear <yaro@xxxxxxxxxx> wrote:

> On Saturday, April 09, 2011 12:54:23 Thomas S Hatch wrote:
> > On Sat, Apr 9, 2011 at 11:49 AM, Yaro Kasear <yaro@xxxxxxxxxx> wrote:
> > > On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
> > > > On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro@xxxxxxxxxx>
> wrote:
> > > > > On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
> > > > > > Am Fri, 8 Apr 2011 10:55:16 -0600
> > > > > >
> > > > > > schrieb Thomas S Hatch <thatch45@xxxxxxxxx>:
> > > > > > > Yaro makes many good points, I think that my recommendation
> > >
> > > would
> > >
> > > > > be
> > > > >
> > > > > > > to allow someone to maintain support for SELinux in
> community. If
> > > > > > > SELinux support is deemed something that would be a good
> idea to
> > > > >
> > > > > move
> > > > >
> > > > > > > to core in the future than do so, otherwise leave it in
> > > > > > > community.
> > > > > >
> > > > > > I'd prefer a separate [selinux] repo. So that people know what
> they
> > >
> > > are
> > >
> > > > > > doing.
> > > > > >
> > > > > > I know, packages with SELinux support could and should be
> named
> > > > > > something like selinux-XXX or XXX-selinux, but I think a new repo
> > >
> > > would
> > >
> > > > > > be better and more secure - not only from SELinux' view.
> > > > > >
> > > > > > This way SELinux users can just add [selinux] to pacman.conf
> above
> > > > > > [core]. For the other users it should be deactivated by default.
> > > > > >
> > > > > > Heiko
> > > > >
> > > > > Here's another question. Isn't it general packaging policy to not
> > > > > fully support packages that have unofficial upstream patches
> > > > > applied? Isn't SELinux "unofficial" to all the upstream?
> > > >
> > > > SELinux has been in the vanilla kernel for quite some time, say the
> > >
> > > 2.6.20
> > >
> > > > ish realm, and the majority of the core utils have had SELinux
> support
> > > > built in for years. SELinux is official upstream.
> > > >
> > > > But I don't want to argue about this anymore :) I think that we have
> a
> > > > solution, I will be putting up an SELinux third party repo for
> testing
> > > > in the next month or two and then once we have an assurance that it
> is
> > >
> > > working
> > >
> > > > well we look into moving SELinux support into community.
> > > >
> > > > This has been a great discussion, and I am excited to get some work
> > > > done
> > >
> > > on
> > >
> > > > improving SELinux support on Arch!
> > > >
> > > > -Thomas S Hatch
> > >
> > > What about the SELinux patches for things other than the kernel? Are
> > > those "official" to upstream? This is not for an argument, now I'm just
> > > genuinely curious.
> >
> > The vast majority are, but there are a few places where patches are
> needed,
> > like in pam and ssh.
> >
> > So yes, there is a "half and half" going on. Basic SELinux support works
> > without patches, but adding some of the more advanced features to some
> of
> > the core applications require a few patches.
> >
> > -Thomas S Hatch
>
> Great! Well, I look forward to maybe testing out your repository. Maybe
> I'll
> actually get SELinux working.
>

Thats good to hear!
SELinux really is amazing stuff :)


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux