From: Karl MacMillan <kmacmillan@mentalrootkit.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SELinux Mail List <selinux@tycho.nsa.gov>,
Joshua Brindle <jbrindle@tresys.com>
Subject: Re: [PATCH] add selpolgen
Date: Fri, 19 Jan 2007 11:23:36 -0500 [thread overview]
Message-ID: <45B0F088.2030104@mentalrootkit.com> (raw)
In-Reply-To: <1169222979.22731.567.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> On Fri, 2007-01-19 at 08:49 -0500, Stephen Smalley wrote:
>> On Thu, 2007-01-18 at 14:53 -0500, Karl MacMillan wrote:
>>> Stephen Smalley wrote:
>> We can follow whatever practice is normal for python modules. However,
>> how are those usually packaged? Separate from the application that uses
>> them? Or together? As it stands, this module would become a dependency
>> of audit2allow and thus of policycoreutils; is there any benefit to
>> packaging it separately?
>
> Or conversely, we could remove audit2allow from policycoreutils and put
> it and this new python module into a single package. It isn't as though
> audit2allow is fundamental to system operation anyway.
>
I think that the separation is desirable and matches current python
practice. The sepolgen module is meant to be generic and available to
many python programs (which is why it gets installed in python
site-packages).
I would rather break policycoreutils into multiple packages to remove
the dependency on this for minimal installations. There is a natural
division between system / policy management tools (e.g., restorecon,
semanage, newrole) and policy debugging / development (audit2allow,
audit2why, semodule_link, semodule_expand, and semodule_package).
Maybe selcoreutils (which can eventually be bundled under a single 'sel'
command like git / svn) and policydevtools. Distros may want to further
divide those packages into graphical and non-graphical.
Karl
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-01-19 16:23 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-16 15:26 [PATCH] add selpolgen Karl MacMillan
2007-01-16 16:23 ` Joshua Brindle
2007-01-16 16:40 ` Karl MacMillan
2007-01-18 15:45 ` Stephen Smalley
2007-01-18 19:53 ` Karl MacMillan
2007-01-19 13:49 ` Stephen Smalley
2007-01-19 16:09 ` Stephen Smalley
2007-01-19 16:23 ` Karl MacMillan [this message]
2007-01-19 16:59 ` Stephen Smalley
2007-01-19 17:08 ` Karl MacMillan
2007-01-19 17:16 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45B0F088.2030104@mentalrootkit.com \
--to=kmacmillan@mentalrootkit.com \
--cc=jbrindle@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.