Re: RPM support for SELinux

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <method@manicmethod.com>
To: Jeff Johnson <n3npq@mac.com>
Cc: Chad Sellers <csellers@tresys.com>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: RPM support for SELinux
Date: Thu, 22 Oct 2009 15:12:12 -0400	[thread overview]
Message-ID: <4AE0AE8C.8000801@manicmethod.com> (raw)
In-Reply-To: <99964603-25A5-4664-8EE4-99B5C07661C3@mac.com>

Jeff Johnson wrote:
>
> On Oct 22, 2009, at 2:37 PM, Chad Sellers wrote:
>
>> I just wanted to let everyone know that we've submitted a patchset to add
>> more robust SELinux support to RPM4. You can view the patchset here:
>>
>> http://lists.rpm.org/pipermail/rpm-maint/2009-October/002561.html
>>
>> Note that these patches require running on the current trunk of
>> libselinux
>> and libsemanage.
>>
>> If you're interested in trying out the support or just looking at how it
>> works, we've put up a wiki page talking about it here:
>>
>> http://selinuxproject.org/page/RPM
>>
>> Comments are welcome.
>>
>
>
> Just a short reply:
>
> The patches will never be included @rpm5.org as is because
> you missed the abstraction (for packaging) and haven't tied
> various stray identifiers as in
> Type: mls targeted

These should never be "concrete" in RPM. These are identifiers that are 
created on end systems and forcing a specific set of them is a good way 
to make sure custom solutions won't use this feature in RPM.

> to anything concrete.
>
> There are other and deeper flaws within the highly unnormalized data
> within the *.bz2 policy blobs.
>

Well, you can normalize the data if you want but chances are the format 
will be changing from the current binary blob to a text file parseable 
only by high level compilers on the end systems in the near future.

> Equivalent functionality will be done @rpm5.org instead.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2009-10-22 19:12 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-22 18:37 RPM support for SELinux Chad Sellers
2009-10-22 18:54 ` Jeff Johnson
2009-10-22 19:12   ` Joshua Brindle [this message]
2009-10-22 19:43     ` Jeff Johnson
2009-10-23 13:22       ` Joshua Brindle
2009-10-23 21:27         ` Jeff Johnson
2009-10-26 17:43           ` Chad Sellers
2009-10-26 18:48             ` Jeff Johnson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AE0AE8C.8000801@manicmethod.com \
    --to=method@manicmethod.com \
    --cc=csellers@tresys.com \
    --cc=n3npq@mac.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.