From: Miguel Bolanos <mike@linuxlabs.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: selinux@tycho.nsa.gov
Subject: Re: 2.4-based SELinux
Date: Tue, 10 Feb 2004 12:40:24 -0600 [thread overview]
Message-ID: <1076438424.3450.7.camel@pyro> (raw)
In-Reply-To: <1076427867.5910.162.camel@moss-spartans.epoch.ncsc.mil>
Greetings Stephen.
hope all is well.
Sure Compatibility is now an issue, but i do believe there is still
several people out whom will want to keep 2.4 for a while, that includes
myself.
If the 2.4-based SELinux is going to be maintained by people outside
NSA, I would like to contribute with the team doing this work.
best regards
Miguel.
On Tue, 2004-02-10 at 09:44, Stephen Smalley wrote:
> Hi,
>
> In the last nsa.gov release of SELinux, the 2.4-based SELinux (the back
> port of the 2.6-based SELinux) began to lag behind the 2.6-based
> SELinux, e.g. the new signal and resource limit inheritance controls and
> the restored network access controls were only implemented for the
> 2.6-based SELinux. The gulf between the two versions has grown further
> since that release, as all new development has only been done for the
> 2.6-based SELinux (e.g. port-based controls, getpeercon support, mount
> context options, conditional policy extensions) and we have reached the
> point where compatibility is once again an issue, although you can still
> uncomment the POLICYCOMPAT definition in the policy Makefile to build
> the older policy format.
>
> While the 2.4 back port served a useful purpose for a time in allowing
> people to start migrating to the new SELinux API and to using extended
> attributes for file security contexts without immediately jumping to
> 2.6, there seems to be little reason to continue maintaining it for much
> longer, and we are really only maintaining it for newer base kernels at
> present. Hence, I expect that a final snapshot of it will be migrated
> to the historical versions page in the future. If you have concerns
> with this, let us know, although we really don't plan on continuing to
> maintain it ourselves. Someone else could certainly seek to maintain
> it, but I'm not sure that it would be worthwhile, as Fedora Core 2
> appears to only be 2.6-based.
--
----------------------miguel bolanos, systems administrator, linux labs
... ........ ..... .... 230 peachtree st nw ste 2701
the original linux labs atlanta.ga.us 30303
-since 1995 http://www.linuxlabs.com
office 404.577.7747 fax 404.577.7743
-----------------------------------------------------------------------
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2004-02-10 18:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-10 15:44 2.4-based SELinux Stephen Smalley
2004-02-10 18:40 ` Miguel Bolanos [this message]
2004-02-13 15:44 ` Stephen Smalley
2004-02-10 20:32 ` Andreas Schuldei
2004-02-10 20:41 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1076438424.3450.7.camel@pyro \
--to=mike@linuxlabs.com \
--cc=sds@epoch.ncsc.mil \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.