From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Chris PeBenito <pebenito@gentoo.org>
Cc: SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: gentoo/hardened
Date: Tue, 31 May 2005 12:05:42 +0100
Message-ID: <20050531110542.GA4131@lkcl.net>
In-Reply-To: <1117512454.1742.101.camel@chris.pebenito.net>

On Tue, May 31, 2005 at 12:07:34AM -0400, Chris PeBenito wrote:
> > okay - how about splitting what you classify as "dead policy"
> > [wrt gentoo] out into separate files, then submitting
> > a patch that then makes it easier for gentoo to "exclude"
> > those files... WITHOUT people like me having to wade through
> > a diff -ru to work out what you've deleted!
>
> I think I had a poor choice of words. It's not dead policy, it's unused
> policy.

ah - i understood that, i just didn't make it clear that i understood
it - apologies.

> > it also means that people have to _explicitly_ install an
> > selinux policy package in order to allow the service to
> > actually... er... work!
>
> No, as I said above, it is pulled in as a dependency. So if you install
> ntp, selinux-ntp (the ntpd policy package) is installed first. It does
> not have to be explicitly installed.

oh, cool. [hm, i'd done an explicit emerge so hadn't noticed.]

> > valdis just this week chopped a stack-load of [iirc
> > correctly: unused? ] macro stuff out and the memory usage
> > dropped dramatically.
>
> I am not concerned about the size of the policy.conf, I'm concerned
> about the size of the policy in kernel memory.

i understood valdis to be equally so concerned.

> > ... there _are_ people however whose expertise you could ride with -
> > stephen, russell, tresys - but forking a separate gentoo/hardened
> > policy makes their expertise that _extra_ bit more remote.
>
> I don't see how a little divergence makes their expertise remote. BTW, I
> also work on policy at Tresys if you didn't realize :)

:) evidently not :)

thank you for evaporating my concerns.

... so am i allowed to ask you, after endeavouring to shoot
everybody down in flames: any chance you could make your
latest [experimental?] gentoo policy available? i do need
to get a gentoo/hardened workstation running, asap.

much appreciated,

l.

--
http://lkcl.net

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.