From: Tom <tom@lemuria.org>
To: SELinux Mail List <selinux@tycho.nsa.gov>
Subject: Re: policy under version control
Date: Tue, 2 Dec 2003 08:08:34 +0100 [thread overview]
Message-ID: <20031202080830.E17580@lemuria.org> (raw)
In-Reply-To: <200312021430.51186.russell@coker.com.au>; from russell@coker.com.au on Tue, Dec 02, 2003 at 02:30:51PM +1100
On Tue, Dec 02, 2003 at 02:30:51PM +1100, Russell Coker wrote:
> I also see a need for multiple policy distributions, but I don't think that
> they will be close enough to each other to enable them to productively be in
> the same tree.
>
> Some policy files such as core_macros.te can be in all policies, but most of
> the .te files won't.
>
> I think that policies will either be close enough that macros can be used to
> merge them, or different enough that they can't be kept to gether in any way.
That's exactly where a more modern replacement of 20-year-old CVS would
help. From what I read about arch, it would be well possible to define,
say:
This is Tom's Whatever Policy Repository
all macros and these and these file_contexts and domain/program files
are identical to the upstream policy (*)
these 2 files are different (**)
these 4 files replace their counterparts upstream
these 12 files are new
(*) this definition is very much like a network-aware symlink
(**) very much like a diff, with a built-in pointer to the URL of the
original
I think this'll be very much easier than a dozen people either
maintaining a dozen policies, or keeping a dozen diff sets up to date.
Also, it solves the patch nightmare for users. You go to one place and
issue a checkout command, instead of finding the original, the 5
patches you need, and then fiddling around in how to apply them in what
order to get it all working.
Note: I haven't worked with arch yet except for some testing. I'm just
trying to point out that we could make our lives easier. I volunteer
for setting up an arch repository for a testrun, if there's enough
people interested.
--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2003-12-02 7:15 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-29 13:26 policy under version control Andreas Schuldei
2003-11-29 15:05 ` Tom
2003-11-29 21:35 ` Russell Coker
2003-12-01 15:13 ` Stephen Smalley
2003-12-01 19:28 ` Tom
2003-12-01 22:53 ` Dale Amon
2003-12-02 3:30 ` Russell Coker
2003-12-02 7:08 ` Tom [this message]
2003-12-02 9:59 ` Brian May
2003-12-06 15:57 ` Colin Walters
2003-12-07 11:30 ` Tom
2003-12-07 13:41 ` Andreas Schuldei
2003-12-07 13:44 ` Russell Coker
2003-12-07 13:59 ` Tom
2003-12-07 13:57 ` Tom
2003-12-02 14:58 ` Colin Walters
2003-12-02 18:52 ` Tom
2003-12-03 13:34 ` Tom
-- strict thread matches above, loose matches on Subject: below --
2003-12-03 15:36 Karl MacMillan
2003-12-03 16:56 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031202080830.E17580@lemuria.org \
--to=tom@lemuria.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.