Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Update on SELinux development guideline(s)
Date: Tue, 23 Aug 2011 18:11:53
Message-Id: 20110823181002.GA11923@siphos.be
1 Hi guys,
2
3 In the "Gentoo Hardened SELinux Development Policy" [1] we have a section
4 requiring development to use the 'gentoo_' prefix. The reason for that was
5 to ensure no collisions occur when a patch is added upstream.
6
7 [1] http://www.gentoo.org/proj/en/hardened/selinux-policy.xml
8
9 However, with the release of 20110726 and other changes, I'm pondering about
10 removing this section from the guideline, and here is why...
11
12 First of all, "safe migration" is not possible. We had around 40-something
13 patches applied to 20101213 and less than one third could still be applied
14 to 20110726. Not because the patch was included, but because the structure
15 of the code had changed. All other patches needed to be made manual anyhow.
16
17 Using gentoo_ prefix or not wouldn't make a difference here.
18
19 Second, if a collision occurs, we would either get a failed patch (which we
20 can then safely drop from our patch bundle) or a duplicate definition (which
21 we will notice during builds, after which we can update our patches).
22
23 Using gentoo_ prefix or not wouldn't make a difference here.
24
25 Third, we are pushing many of our changes upstream. However, as long as we
26 use different naming conventions, then the patches cannot easily be pushed.
27 Currently, I'm manually typing over most patches that include gentoo_
28 prefixes into a reference policy checkout for submitting upstream, which is
29 *very* time consuming.
30
31 Using gentoo_ prefix is a time hogger. Using upstream naming convention
32 would be much leaner.
33
34 Fourth, supporting tools that help SELinux developers for a proper coding
35 style as well as other documents and guidelines are often based on the
36 naming convention. By using a gentoo_ prefix, these tools give warnings (and
37 the documents are less valid). If we need anything at all, a suffix would be
38 much more flexible.
39
40 Using gentoo_ prefix here is causing development efforts to become more
41 difficult.
42
43
44 I'd rather use the gentoo_ prefix for those things that we *know* are not to
45 be merged upstream anytime soon and which are /Gentoo/ specific (like some
46 of our booleans).
47
48 Any objections here?
49
50 Wkr,
51 Sven Vermeulen

Replies

Subject Author
Re: [gentoo-hardened] Update on SELinux development guideline(s) Chris Richards <gizmo@×××××××××.com>
Report Message
Find on MARC Find on Google Groups