| 1 |
On 02/12/2011 08:20 AM, Sven Vermeulen wrote: |
| 2 |
> I rather not follow Gentoo's package names. I know it might make it easier |
| 3 |
> to deduce which sec-policy/selinux-* packages need to be installed on a |
| 4 |
> system, but this is a temporary situation - in the long term, we want all |
| 5 |
> packages that have SELinux policies to have an optional (selinux) dependency |
| 6 |
> against their sec-policy/selinux-* package. The downside would be that we |
| 7 |
> need to either make duplicate packages for these tools that have policies |
| 8 |
> within the same module (think the bootloader case) or use a different naming |
| 9 |
> convention for those particular packages. |
| 10 |
|
| 11 |
TBH, I really see nothing wrong with the naming convention we are using |
| 12 |
now, which (AFAIK) pretty much follows the upstream module naming |
| 13 |
convention (which I think is what you are proposing). In all |
| 14 |
probability, it seems rather unlikely that there will be multiple |
| 15 |
selinux policy modules with the same file name, as the file name tends |
| 16 |
to reflect either the module name or its functionality (depending on |
| 17 |
what's included in the file), either of which will tend to constrain the |
| 18 |
range of both possible and likely names. |
| 19 |
|
| 20 |
I also am not following the argument about 'make duplicate packages'? |
| 21 |
If a policy module ebuild can work for multiple different packages, that |
| 22 |
is fine. We simply have an optional selinux dependency in each of the |
| 23 |
application ebuilds on that same selinux module. If the module is |
| 24 |
already installed then the dependency is already satisfied. If not, |
| 25 |
then we pull it in. Or am I missing something? |
| 26 |
|
| 27 |
I agree that the long-term goal should be to modify all packages that |
| 28 |
need to have an selinux module such that they have an optional selinux |
| 29 |
dependency. |
| 30 |
|
| 31 |
As blueness has pointed out, renaming a bunch of packages is a PITA. I |
| 32 |
really don't see that we get anything from doing so at this point, |
| 33 |
except a bunch of pain. |
| 34 |
|
| 35 |
Later, |
| 36 |
Chris |
Archives