On 10/24/2016 03:13 PM, Stephen Smalley wrote: > On 10/22/2016 09:44 AM, Chris PeBenito wrote: >> On 10/21/16 13:47, Stephen Smalley wrote: >>> policycoreutils started life as a small set of utilities that were >>> necessary or at least widely used in production on a SELinux system. >>> Over time though it has grown to include many optional components, and >>> even within a given subdirectory (e.g. sepolicy) there seem to be a >>> number of components that should be optional (e.g. the dbus service). >>> I'd like to propose that we move a number of components out of >>> policycoreutils into their own top-level subdirectory (possibly grouping >>> some of the related ones together). >> >> I'm not sure where the main part of sepolicy should go, but it would be >> nice to split it out since it depends on setools which has heavier >> dependencies than a core system package should typically have IMO >> (NetworkX, which pulls in scipy, numpy, matplotlib, etc.) > > I would be in favor of that too, but hesitated to do so because it would > require moving audit2allow and semanage out of policycoreutils as well. > Fedora does package those as part of policycoreutils-python (along with > sepolgen). Arguably audit2allow isn't necessary for production (but > many users of SELinux in Linux distributions rely on it), but semanage > is more fundamental these days. > > However, if people are open to moving sepolicy, audit2allow, and > semanage, possibly combining them with sepolgen in a new > subdirectory/package, then we could explore that. > Yes please. These aren't needed or feasible in a CIL only config > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
