From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] ANN: Reference Policy contrib repository
Date: Fri, 09 Sep 2011 18:22:32 +0200 [thread overview]
Message-ID: <1315585353.2170.6.camel@vortex> (raw)
In-Reply-To: <4E6A3225.2090502@tresys.com>
On Fri, 2011-09-09 at 11:35 -0400, Christopher J. PeBenito wrote:
> The challenge of Reference Policy has always been balancing the needs of having a well reviewed policy against responding to fairly rapid application development and new user needs in Linux. If you are not familiar with the differences between the Reference Policy and Fedora policy, it is quite large. Since Fedora is the largest SELinux-enabled distribution, its development version, rawhide, is on the front lines of seeing new features in apps. Due to Dan and Miroslav's extensive work, the Fedora policy evolves rapidly. However, this has proven to be too fast for me to constantly review all the changes and integrate them upstream, resulting in the huge difference between the two policies.
>
> To ameliorate this situation, additional contributors with commit access have been added for Reference Policy. To be specific, a large amount of the policy has been moved into a contrib layer (a git submodule), where these contributors may commit. The core policy modules will remain in the primary Reference Policy repository, for which I remain the maintainer. Due to its nature, the contrib repository will be faster moving and less reviewed than the core Reference Policy repository.
>
> The core modules are critical modules on the system. This includes all of the kernel layer, most of the system and roles layers, some admin modules, such as bootloader, su, and sudo, and userspace object managers. It is possible to build a policy using only the core modules. It is important to ensure these modules are well reviewed to ensure quality, so Reference Policy can be used as a base for both general-purpose systems (e.g. Linux distributions) and custom systems. All remaining modules were moved to the contrib repository. An important thing to note is that in the future, modules may move between core and contrib as necessary.
>
> For those that have a current checkout of the repository, you will need to do the following to get the new contrib submodule:
>
> $ git pull
> $ git submodule init
> $ git submodule update
Is such "contrib" submodule going to always remain optional ?
> If you are looking to check out the repository for the first time, the instructions are at:
> http://oss.tresys.com/projects/refpolicy/wiki/RepositoryCheckout
Regards,
Guido
next prev parent reply other threads:[~2011-09-09 16:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-09 15:35 ANN: Reference Policy contrib repository Christopher J. PeBenito
2011-09-09 15:35 ` [refpolicy] " Christopher J. PeBenito
2011-09-09 15:58 ` Robert Lee
2011-09-09 16:17 ` Christopher J. PeBenito
2011-09-09 16:17 ` [refpolicy] " Christopher J. PeBenito
2011-09-09 16:22 ` Guido Trentalancia [this message]
2011-09-09 16:28 ` Christopher J. PeBenito
2011-09-12 20:45 ` Daniel J Walsh
2011-09-13 21:12 ` Dominick Grift
2011-09-13 21:31 ` Dominick Grift
2011-09-14 12:19 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1315585353.2170.6.camel@vortex \
--to=guido@trentalancia.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.