Vikram Ambrose wrote:
The SE Linux <selinux@xxxxxxxxxxxxx> mailing list is being cluttered
with non selinux related material.
Especially concerning refpolicy. And there is no set fast term used
for filtering such content, and needless to say a waste of bandwidth.
SELinux without policy is like a book without pages. Think of
the reference policy as the pages of the Old Testament.
The SELinux list is not a place for non-SELinux maintainers, like
Tresys to discuss their policies within themselves. Would it be
alright for me and the other developers in my company to use the
SELinux list to discuss our policies?
Well I think so. It's kind of pointless to have a loadable policy if
everyone always uses the same one now, isn't it?
Or the next company that decides to adopt SELinux?
You bet. Any issues that arise from any policy should be discussed here.
The basic underlying mechanisms of SELinux have changed more in the past
couple years in support of policy desires and/or issues than for
any other reason (best I can tell anyhow).
RedHat goes as far as using the SELinux list as a communication
channel with Tresys. Unless there has been some agreement made between
the SELinux gatekeepers (NSA?), Tresys and Redhat, I find this a
misuse of the mailing list.
In the last 4 months, there have only been a handful of unique threads
concerning SELinux. A few by Stephen, Eric, and myself. Everything
else is policy related. With a total of 800 odd messages in this time
frame, it's quite clear the policy discussion is cluttering the list.
As more and more people begin to adopt SELinux and face the battles of
SELinux integration, the userspace topic will become increasingly
popular.
Policy postings are prevalent because policy is where the flexibility of
SELinux lies.
As I see it, the current list should be split into 3.
1. selinux-kernel
This would be a very low volume list. Perhaps even with special
clearance to address security holes and concerns.
Please, no restricted lists. This is Open Source, after all.
2. selinux-userspace
This list would deal with userspace tools, wrappers and other non
kernel related material. Whether it be NSA's userspace tools or
support for 3rd party applications being compiled to be selinux-aware
using libselinux. This list is very important, if not the most
important of the three.
I could agree if the tool chain, applications, and runtime were not
so tightly integrated with and dependent on the policy.
3. selinux-policy
This list will deal with policies. A good place for Administrators
and policy developers to discuss the creation, debugging and use of
various policies. This as it stands would have the highest volume.
Nevertheless as suggested by Grift Dominick on #selinux, a forum would
be an even better place to discuss policies. Repository of ideas,
designs and development dedicated to policies. A forum for the
Administrator and Policy Developer.
The policy feeds into the tools which feed back into the policies.
The bulk of the tools are there to deal with policy, so I don't see
them being reasonably separable.
Without this breakdown, the selinux list would be analogous to people
talking about GNU and C programming on lkml.
Which is something that happens from time to time. For good or ill
SELinux is a system, not just a kernel component. Anyone who is serious
about using or even monitoring what goes on with SELinux would need
to watch all three of the proposed lists to make sense of what's
going on.
That is of course the view from over here.
Thank you.