[DSE-Dev] Re: openssh packages with updated selinux patch

Manoj Srivastava srivasta at debian.org
Tue Oct 24 21:18:39 UTC 2006

On Tue, 24 Oct 2006 13:42:42 +0200, Frans Pop <elendil at planet.nl> said: 

> AFAICT the argument is that selinux should not be hard linked at
> all.  Having openssh require selinux libs is unwanted overhead for
> the installer.

        Well, since openssh already links with libselinux, my patch is
 not a regression.

> A solution should be found so that selinux will only be used if it
> is available _at runtime_, as was already done for some other libs
> that also produce udebs.

> See for comparison:
> http://bugs.debian.org/318115
> http://bugs.debian.org/375413

> Alternatively the udebs could be compiled separately without selinux
> support.

        Either of these would be fine (though looking at the size of
 libselinux1, I wonder if there are any numbers behind  the burden
 theory?), but that would be a more intrusive change for openssh than
 I am willing to make as a non-maintainer at this stage of the game.

        At this point, openssh links with libselinux1 where
 available. The code in openssh that exercises this library is out of
 date; I am merely bringing it up to be compatible with the SELinux
 infrastructure we will be shipping in Etch.

        I am not _adding_ selinux code to openssh; I am _updating_
 code that already exists.

There's a fine line between courage and foolishness.  Too bad it's not
a fence.
Manoj Srivastava <srivasta at debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

More information about the SELinux-devel mailing list