[arch-general] base stuff

Thomas S Hatch thatch45 at gmail.com
Sat Apr 9 13:54:23 EDT 2011


On Sat, Apr 9, 2011 at 11:49 AM, Yaro Kasear <yaro at marupa.net> wrote:

> On Saturday, April 09, 2011 12:01:04 Thomas S Hatch wrote:
> > On Sat, Apr 9, 2011 at 9:18 AM, Yaro Kasear <yaro at marupa.net> wrote:
> > > On Friday, April 08, 2011 14:29:34 Heiko Baums wrote:
> > > > On Fri, 8 Apr 2011 10:55:16 -0600
> > > > Thomas S Hatch <thatch45 at gmail.com> wrote:
> > > > > Yaro makes many good points, I think that my recommendation would be
> > > > > to allow someone to maintain support for SELinux in community. If
> > > > > SELinux support is deemed something that would be a good idea to move
> > > > > to core in the future then do so, otherwise leave it in community.
> > > >
> > > > I'd prefer a separate [selinux] repo. So that people know what they are
> > > > doing.
> > > >
> > > > I know, packages with SELinux support could and should be named
> > > > something like selinux-XXX or XXX-selinux, but I think a new repo would
> > > > be better and more secure - not only from SELinux' view.
> > > >
> > > > This way SELinux users can just add [selinux] to pacman.conf above
> > > > [core]. For the other users it should be deactivated by default.
> > > >
> > > > Heiko
> > >
> > > Here's another question. Isn't it general packaging policy to not fully
> > > support packages that have unofficial upstream patches applied? Isn't
> > > SELinux "unofficial" to all the upstream?
> >
> > SELinux has been in the vanilla kernel for quite some time, say the 2.6.20
> > ish realm, and the majority of the core utils have had SELinux support
> > built in for years. SELinux is official upstream.
> >
> > But I don't want to argue about this anymore :) I think that we have a
> > solution, I will be putting up an SELinux third party repo for testing in
> > the next month or two and then once we have an assurance that it is working
> > well we look into moving SELinux support into community.
> >
> > This has been a great discussion, and I am excited to get some work done on
> > improving SELinux support on Arch!
> >
> > -Thomas S Hatch
>
> What about the SELinux patches for things other than the kernel? Are those
> "official" to upstream? This is not for an argument, now I'm just genuinely
> curious.
>

The vast majority are, but there are a few places where patches are needed,
like in pam and ssh.

So yes, there is a "half and half" going on. Basic SELinux support works
without patches, but adding some of the more advanced features to some of
the core applications requires a few patches.

-Thomas S Hatch

