On Mon, 2005-01-03 at 11:08, Mike Hearn wrote: > Yeah this makes it rather hard for 3rd parties to track what's going on > here. Why can this stuff not all be done upstream and just merged with > Fedora at regular intervals? Fedora Core is the de facto "upstream" as far as SELinux modifications to userland are concerned. Red Hat took over maintaining the SELinux userspace patches back in early 2003 when Dan Walsh ported them to the 2.6 SELinux API and started expanding them to more programs to provide better integration into the distribution. NSA is only maintaining the core SELinux code now, i.e. the SELinux kernel code and the core set of new SELinux userland packages (libsepol, libselinux, checkpolicy, policycoreutils, policy). Information about patched userland for other distros is at the selinux sourceforge site, http://selinux.sf.net. I'd expect that the SELinux userland patches will eventually go into the upstream packages (in cases where there is still an upstream maintainer), but that wasn't likely to happen before the Fedora integration. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
