Buildroot Archive on lore.kernel.org
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v4 00/27] SELinux Buildroot Additions
Date: Sat, 10 Jan 2015 16:51:34 +0100
Message-ID: <20150110165134.617b741c@free-electrons.com>
In-Reply-To: <1420816288-8750-1-git-send-email-matthew.weber@rockwellcollins.com>

Dear Matt Weber,

On Fri,  9 Jan 2015 09:11:01 -0600, Matt Weber wrote:

> ### What's SELinux?
> 
> Security-Enhanced Linux (SELinux) is a Linux feature that provides
> a variety of security policies, including U.S. Department of Defense
> style mandatory access controls (MAC), through the use of Linux
> Security Modules (LSM) in the Linux kernel. It is not a Linux
> distribution, but rather a set of modifications that can be applied
> to Unix-like operating systems, such as Linux and BSD.

Thanks for your persistence with this major effort. I must say overall
I am still a bit scared by the amount of patches needed in the various
SELinux components to get them to behave properly in a
cross-compilation environment, and I believe those changes should be
submitted upstream.

I made the exact same comment back when you submitted the first
version in September 2013, but apparently no work has been done to
improve upstream with regard to cross-compilation. I'm certainly not
asking for the entire work to be done. But the fact that within the 1.5
years since you first submitted this patch series, you have apparently
not worked with upstream to resolve those issues does not make me very
comfortable. What tells me that this upstreaming work will start at
some point?

Main examples:

 - The Swig / setools patch. This patch is quite long, but fairly
   trivial. Why hasn't it been submitted upstream?

 - Clearly, the thing that scares me the most is the replacement of the
   audit header generation by a Python script. Can we get at least some
   feedback from upstream on what approach they could accept? See also
   what Yocto is doing to solve this problem:
   http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/audit/audit/audit-for-cross-compiling.patch

Can you give me your plans about upstreaming those cross-compilation
changes?

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
