On Mon, Feb 21, 2011 at 05:49:59PM -0500, Anthony G. Basile wrote:
> I am in agreement, but I hesitate because moving packages is a pita. If
> it can be done with minimal disruption, then lets move in that
> direction. Do you know what current sec-policy/selinux-* are in violation?
A quick check
On 02/21/2011 04:57 PM, Sven Vermeulen wrote:
> On Sat, Feb 12, 2011 at 02:25:29PM -0600, Chris Richards wrote:
>> On 02/12/2011 02:03 PM, Sven Vermeulen wrote:
>>> Actually, I'm rather hoping that if everyone agrees on the guideline that
>>> SELinux policy packages are called "selinux-" with bein
On Sat, Feb 12, 2011 at 02:25:29PM -0600, Chris Richards wrote:
> On 02/12/2011 02:03 PM, Sven Vermeulen wrote:
> > Actually, I'm rather hoping that if everyone agrees on the guideline that
> > SELinux policy packages are called "selinux-" with being
> > the policy name used by the reference polic
On 02/12/2011 02:03 PM, Sven Vermeulen wrote:
Indeed; however I couldn't find a post or something that reflects that we
are indeed trying to following the upstream module naming. For instance, the
packages selinux-acpi (mod=apm), selinux-courier-imap (mod=courier),
selinux-cyrus-sasl (mod=sasl),
On Sat, Feb 12, 2011 at 01:43:40PM -0600, Chris Richards wrote:
> TBH, I really see nothing wrong with the naming convention we are using
> now, which (AFAIK) pretty much follows the upstream module naming
> convention (which I think is what you are proposing).
Indeed; however I couldn't find
On 02/12/2011 08:20 AM, Sven Vermeulen wrote:
I rather not follow Gentoo's package names. I know it might make it easier
to deduce which sec-policy/selinux-* packages need to be installed on a
system, but this is a temporary situation - in the long term, we want all
packages that have SELinux pol
On Sat, Feb 12, 2011 at 02:03:40PM -0500, Anthony G. Basile wrote:
> Robbat2 brought the naming issue up and suggested the ${CAT}-${PN}
> scheme, but you make a good point about the mapping being many-to-many
> in general.
>
> If we agree to this standard, how to we grandfather in the packages tha
On 02/12/2011 09:20 AM, Sven Vermeulen wrote:
> Hi hardened-folks
>
> Gentoo Hardened aims to follow the Tresys reference policy closely for the
> SELinux policy modules / packages and puts all non-base policies in the
> sec-policy/selinux-* packages. We already had a few hints on
> #gentoo-harden
