Re: [RFC] Split up policycoreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/24/16 23:49, Jason Zaman wrote:

On Mon, Oct 24, 2016 at 09:13:42AM -0400, Stephen Smalley wrote:

On 10/22/2016 09:44 AM, Chris PeBenito wrote:

On 10/21/16 13:47, Stephen Smalley wrote:
I'm not sure where the main part of sepolicy should go, but it would be
nice to split it out since it depends on setools which has heavier
dependencies than a core system package should typically have IMO
(NetworkX, which pulls in scipy, numpy, matplotlib, etc.)


I would be in favor of that too, but hesitated to do so because it would
require moving audit2allow and semanage out of policycoreutils as well.
Fedora does package those as part of policycoreutils-python (along with
sepolgen).  Arguably audit2allow isn't necessary for production (but
many users of SELinux in Linux distributions rely on it), but semanage
is more fundamental these days.

However, if people are open to moving sepolicy, audit2allow, and
semanage, possibly combining them with sepolgen in a new
subdirectory/package, then we could explore that.


My eventual goal for seobject.py was to just kill it, there isnt really
anything that setools4 doesnt have. For the last release mostly due to
lack of time I changed several parts to just be sort of thin wrappers
around setools.

sepolicy also seemed like two separate things. one part was a kind of
library thing which i updated to use setools4 too, that would be better
off dying or being a separate small lib. then there is the whole gui
part of sepolicy which can probably be split out. I dont think i've ever
personally used the gui. semanage only requires the lib parts.

I havent looked too much into the core of setools4 other than what I
needed to update sepolicy so I'm not sure how important networkX and
stuff are. semanage might only require the base stuff if we're able to
split that out?
NetworkX is a dependency for the domain transition and information flow analyses only. You could conceivably make those conditional, but I'm not particularly fond of the idea. 

--
Chris PeBenito
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux